the first access-list will not work. The second one will also deny networks 192.17.72.0 and 78.0 as well as 79.0 - You are correct about zeros must make at 1's are don't care, but you need to understand the basic of subnetting. A 248.0 subnet mask means 8 "Class C" subnets. You have to start at a valid network address which in this case is 192.17.72.0
Router(config)#access-list 11 deny 192.17.73.0 0.0.7.255 Router#sho access-list 11 Standard IP access list 11 deny 192.17.72.0, wildcard bits 0.0.7.255 Notice that it fixes your mistake for you. Regards Andrew CCNP, CCDP, CSS1 -----Original Message----- From: Jason Steig [mailto:[EMAIL PROTECTED] Sent: 25 February 2003 16:26 To: [EMAIL PROTECTED] Subject: new access list problem [7:63715] Hello i networks 192.17.73.0 - 192.17.77.0 is there anyway to deny these networks with one entry in an access list? such as deny 192.17.73.0 0.0.248.255? is this going to deny these networks? it's also going to black hole several other networks though. Or does the list have to be deny 192.17.73.0 0.0.7.255 ? i thought zeros must match and ones we don't care. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63722&t=63715 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]