Re: Access-List questions [7:31001]
Ooops. Sorry. Brain damage. ;-)

Priscilla

At 10:47 PM 1/6/02, Tom Lisa wrote:

Priscilla,

You MUST have been in a hurry, 0 means match this bit position and 1 means don't care. Definitely can't argue with your second paragraph though.

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco Regional Networking Academy

Priscilla Oppenheimer wrote:

Have you put the addresses and masks in binary and tried to work it out for yourself? In the mask, 0 means don't care and 1 means must match.

This is a quick answer due to a shortage of time and because I think you will learn best if you do it yourself.

Priscilla

At 05:38 PM 1/5/02, Hunt Lee wrote:

Thanks for the response guys :)

But can anyone explain to me how do you guys derive:

10.10.10.40 0.0.0.7
10.10.10.48 0.0.0.1

And also, for the second statement, how do you know 48 has to be placed in the fourth octet? I'm still very confused, but thanks for your help in advance.

Best Regards,
Hunt Lee

Gaz wrote:

You're not wrong, spotted the previous mistake, you just missed off an address. That's a nice way of putting it eh?

Changing your second line to Permit 10.10.10.48 0.0.0.1 will do the trick because it allows 48 and 49 through.

Regards,
Gaz

Shengtao wrote:

I think Permit 10.10.10.40 0.0.0.7 will allow 40-47, and you need another statement Permit 10.10.10.48 0.0.0.0 to allow 48 to get through. Am I wrong?

Godswill HO wrote:

Hi,

Try the following:

IP access-list standard allowed
Permit 10.10.10.40 0.0.0.7
Permit 10.10.10.49 0.0.0.0

The first permit statement allows addresses n.n.n.40 to n.n.n.48, while the last one allows address n.n.n.49. There is no way you can deny whole range without affecting other addresses with one single statement.

When applying it to your interface say:

Router(config-if)#IP access-group allowed in

Regards.
Oletu

----- Original Message -----
From: Hunt Lee
Sent: Friday, January 04, 2002 9:29 PM
Subject: Access-List questions [7:31001]

Hello there,

I need some help on Access-Lists:

Say if I want to permit network access to only 10.10.10.1 - 10.10.10.254

I know you can simply use:

Access-list 10 permit 10.10.10.0 0.0.0.255

However, if I want to only permit the range of 10.10.10.40 to 10.10.10.49 (inclusive), then what should I do?

Any help is greatly appreciated.

Best Regards,
Hunt Lee
IP Solution Analyst
Cable Wireless

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31191t=31001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access-List questions [7:31001]
Priscilla,

You MUST have been in a hurry, 0 means match this bit position and 1 means don't care. Definitely can't argue with your second paragraph though.

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco Regional Networking Academy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31108t=31001
Re: Access-List questions [7:31001]
I think Permit 10.10.10.40 0.0.0.7 will allow 40-47, and you need another statement Permit 10.10.10.48 0.0.0.0 to allow 48 to get through. Am I wrong?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31017t=31001
Re: Access-List questions [7:31001]
You're not wrong, spotted the previous mistake, you just missed off an address. That's a nice way of putting it eh?

Changing your second line to Permit 10.10.10.48 0.0.0.1 will do the trick because it allows 48 and 49 through.

Regards,
Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31021t=31001
Re: Access-List questions [7:31001]
Thanks for the response guys :)

But can anyone explain to me how do you guys derive:

10.10.10.40 0.0.0.7
10.10.10.48 0.0.0.1

And also, for the second statement, how do you know 48 has to be placed in the fourth octet? I'm still very confused, but thanks for your help in advance.

Best Regards,
Hunt Lee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31030t=31001
Re: Access-List questions [7:31001]
Have you put the addresses and masks in binary and tried to work it out for yourself? In the mask, 0 means don't care and 1 means must match.

This is a quick answer due to a shortage of time and because I think you will learn best if you do it yourself.

Priscilla

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31032t=31001
Re: Access-List questions [7:31001]
The first entry, by ending in .7, allows for 10.10.10.40-47, remember this is a span of 8. Then you need 48 and 49, hence the .1. The .40 and .48 are network addresses, I'll refer you to one of the many subnet calculators out there if thinking in binary is not yet second nature.

Brian Sonic Whalen
Success = Preparation + Opportunity

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31033t=31001
Re: Access-List questions [7:31001]
Think of it in the same terms as you would a normal subnet mask, Lee. You want to permit address 10.10.10.40 thru 10.10.10.49.

10.10.10.40 255.255.255.248 is equal to 10.10.10.40 0.0.0.7 and includes the addresses 10.10.10.40 thru 10.10.10.47. Furthermore, 10.10.10.48 255.255.255.254 is equal to 10.10.10.48 0.0.0.1 and includes the addresses 10.10.10.48 thru 10.10.10.49.

Try to always think binary. In this case the first range falls on an 8 bit boundary with the range 0 1 2 3 4 5 6 7. The second range starts on an 8 bit boundary with the range 0 1. You should now be able to see that as 0.0.0.7 and 0.0.0.1.

Hope this helps.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31034t=31001
Re: Access-List questions [7:31001]
Ok - here's what I understand so far:

to permit range only 10.10.10.40 - 10.10.10.49

128  64  32  16   8   4   2   1
  0   0   1   0   1   0   0   0     40
  0   0   1   0   1   0   0   1     41
  0   0   1   0   1   0   1   0     42
  0   0   1   0   1   0   1   1     43
  0   0   1   0   1   1   0   0     44
  0   0   1   0   1   1   0   1     45
  0   0   1   0   1   1   1   0     46
  0   0   1   0   1   1   1   1     47
  0   0   1   1   0   0   0   0     48
  0   0   1   1   0   0   0   1     49
  ...
  0   0   1   1   1   1   1   1     63

Until I draw this out, I realize if I use 10.10.10.40 0.0.0.31 (16+8+4+2+1=31, the last 5 bits unchecked), it would include addresses all the way to 10.10.10.63.

So then, I split off the first part:

128  64  32  16   8   4   2   1
  0   0   1   0   1   0   0   0     40
  0   0   1   0   1   0   0   1     41
  0   0   1   0   1   0   1   0     42
  0   0   1   0   1   0   1   1     43
  0   0   1   0   1   1   0   0     44
  0   0   1   0   1   1   0   1     45
  0   0   1   0   1   1   1   0     46
  0   0   1   0   1   1   1   1     47

getting = 10.10.10.40 0.0.0.7 (4+2+1=7, the last 3 bits unchecked) - and since this includes the range of 10.10.10.40 to 10.10.10.47, the next range will start with 10.10.10.48:

128  64  32  16   8   4   2   1
  0   0   1   1   0   0   0   0     48
  0   0   1   1   0   0   0   1     49

getting = 10.10.10.48 0.0.0.1 (the last 1 bit unchecked) - hence getting the range of 10.10.10.48 to 10.10.10.49

Am I on the right track? - and I'm very sorry for the long message (I just want you guys to check whether my processes are correct or not)

And if I'm correct, is there any faster way than this?

Thanks again.
Hunt
Re: Access-List questions [7:31001]
Hunt,

There are two schools of thought (at least). One of them involves thinking in binary, which I think is the more difficult, but depends how your mind works. I can work it out in binary on paper, but my head goes slower than the pen, so I use the second (and quickest) method:

For the second method you have to think of everything in blocks (or chunks as I usually use because it's unique and 'unconfusable' with any other term):

The blocks can be 2, 4, 8, 16, 32, 64, 128

The only bit you have to do in your head is visualise how your addresses fit in to those blocks.

I'll let someone else explain exactly how to visualise it as I will never be an instructor. My teaching methods sometimes have a negative effect. Sometimes irreversible :-)

I think it's Leigh Anne Chisholm that has the way with the words.

Once you've grasped it you'll wonder how you ever found it so difficult. All subnet calculations can be done in your head within a few seconds, except some non-contiguous wild cards (tricky some times).

If you search the archives there are some good explanations though.

Regards,
Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31037t=31001
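Added example (not part of any poster's message, and not Cisco tooling): a short Python script that derives the entries with the block method Gaz describes, which reaches the same result as Hunt's binary working above, and then audits what a candidate list really permits. The function names and the 10.10.10.0/24 audit scope are assumptions made for this illustration.

```python
"""Derive and audit wildcard-mask entries for an IPv4 range (added example)."""
import ipaddress


def _n(addr):
    """Dotted-quad string (or int) -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def matches(host, base, wildcard):
    """Wildcard-mask test: a 0 bit must match the base, a 1 bit is ignored."""
    care = ~_n(wildcard) & 0xFFFFFFFF
    return (_n(host) ^ _n(base)) & care == 0


def range_to_entries(first, last):
    """Cover first..last (inclusive) with aligned power-of-two blocks.

    Block method: at each step take the largest block (1, 2, 4, 8, ...) that
    starts on its own boundary and does not run past `last`.
    """
    lo, hi = _n(first), _n(last)
    if lo > hi:
        raise ValueError("first address is above last address")
    entries = []
    while lo <= hi:
        size = lo & -lo if lo else 1 << 32   # largest block lo is aligned to
        while size > hi - lo + 1:            # shrink until it fits the range
            size >>= 1
        entries.append((str(ipaddress.IPv4Address(lo)),
                        str(ipaddress.IPv4Address(size - 1))))
        lo += size
    return entries


def audit(entries, first, last, scope="10.10.10.0/24"):
    """Return (missing, extra): wanted hosts that are not permitted, and hosts
    in `scope` that are permitted although they lie outside first..last."""
    want = set(range(_n(first), _n(last) + 1))
    net = ipaddress.ip_network(scope)
    got = {h for h in range(int(net.network_address),
                            int(net.broadcast_address) + 1)
           if any(matches(h, b, w) for b, w in entries)}

    def fmt(hosts):
        return [str(ipaddress.IPv4Address(h)) for h in sorted(hosts)]

    return fmt(want - got), fmt(got - want)


if __name__ == "__main__":
    first, last = "10.10.10.40", "10.10.10.49"
    candidates = {
        "derived by block method": range_to_entries(first, last),
        "first suggestion in the thread": [("10.10.10.40", "0.0.0.7"),
                                           ("10.10.10.49", "0.0.0.0")],
        "single entry with 0.0.0.31": [("10.10.10.40", "0.0.0.31")],
    }
    for name, entries in candidates.items():
        missing, extra = audit(entries, first, last)
        print(name, entries)
        print("  missing:", missing or "none",
              "| permitted outside the range:", len(extra))
```

Running the audit against a list before applying it to an interface shows both kinds of error at once: a wanted host that falls through to the implicit deny, and hosts outside the intended range that the mask lets in.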
Re: Access-List questions [7:31001]
Hi,

Try the following:

IP access-list standard allowed
Permit 10.10.10.40 0.0.0.7
Permit 10.10.10.49 0.0.0.0

The first permit statement allows addresses n.n.n.40 to n.n.n.48, while the last one allows address n.n.n.49. There is no way you can deny whole range without affecting other addresses with one single statement.

When applying it to your interface say:

Router(config-if)#IP access-group allowed in

Regards.
Oletu

----- Original Message -----
From: Hunt Lee
Sent: Friday, January 04, 2002 9:29 PM
Subject: Access-List questions [7:31001]

Hello there,

I need some help on Access-Lists:

Say if I want to permit network access to only 10.10.10.1 - 10.10.10.254

I know you can simply use:

Access-list 10 permit 10.10.10.0 0.0.0.255

However, if I want to only permit the range of 10.10.10.40 to 10.10.10.49 (inclusive), then what should I do?

Any help is greatly appreciated.

Best Regards,
Hunt Lee
IP Solution Analyst
Cable Wireless

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31006t=31001