Re: wildcard in access-list

>I have two parts of a large network, the first part using 141.120.0.0 >thru 141.120.7.255 and the second part using 141.120.128.0 thru >141.120.135.255. At the router connecting to Internet I want access from >outside limited only to these subnets and not to other addresses used. I >know that the

RE: wildcard in access-list

n Behalf Of Howard C. Berkowitz Sent: Saturday, March 03, 2001 1:31 PM To: [EMAIL PROTECTED] Subject: Re: wildcard in access-list >I have two parts of a large network, the first part using 141.120.0.0 >thru 141.120.7.255 and the second part using 141.120.128.0 thru >141.120.135.255

RE: wildcard in access-list

Let's see... You don't care whether bit 16 (or is that 17 :?) is a 0 or a 1, right? Then the wildcard bit can be 1 :) A general statement would be: If you have two otherwise identical ACL statements with addresses that differ only in one bit position, then you can combine the ACLs int

RE: wildcard in access-list

> >Why? To which Bob Vance responded, > >Less processing. CPU power is cheaper than brainpower, downtime through errors, etc. >Elegance :) I've always regarded an elegant solution as one that is necessary and sufficient for all criteria. Maintainability is a criterion.

RE: wildcard in access-list

>Bob Vance wrote, >IIRC, at least stating at some IOS version level, this is being done >automatically for you by IOS when it stores the ACL in the >configuration. Thus, if you typed: > > access-list 101 tcp permit any 141.120.128.0 0.0.135.255 > >it would actually show up via a 'sh run' a

RE: wildcard in access-list

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard C. Berkowitz Sent: Sunday, March 04, 2001 11:35 AM To: [EMAIL PROTECTED] Subject: RE: wildcard in access-list > >Why? To which Bob Vance responded, > >Less processing.