02-07-2006 06:43 PM - edited 03-03-2019 11:41 AM
Hi
Need to configure ACL for distribute-list:
1. 100.100.x.0
150.1.1.1
10.1.1.1
1.1.1.1
subnets are advertised by peer router.
2. permit less than x = 15 which is even like 14, 12, 10...
3. permit 150.1.1.1
4. permit 1.1.1.1
5. permit 10.1.1.1
6. use 3 lines of ACL for distribute-list
So, I think
a. deny all odds
b. deny all greater than 16
c. permit all
I have no idea for b. Does anybody have any idea for this question?
Thanks very much
02-07-2006 07:08 PM
Here's your answer:
permit 1.1.1.1 0.0.0.0
permit 2.1.1.1 158.0.0.0
permit 100.100.0.0 0.0.14.0
You can't do anything with 1.1.1.1 so it takes up a line by itself.
Now, take 150.1.1.1 and 10.1.1.1. Their first octets in binary are:
150 = 10010100
10 = 00001010
Now, consider each bit in turn, starting from left (bit 0) to right (bit 7).
Bit 0 can be a don't care bit since it needs to match both 0 and 1
Bit 1 has to be 0 for both
Bit 2 has to be 0 for both
Bit 3 can be a don't care bit since it needs to match both 0 and 1
Bit 4 can be a don't care bit since it needs to match both 0 and 1
Bit 5 can be a don't care bit since it needs to match both 0 and 1
Bit 6 has to be 1 for both
Bit 7 has to be 0 for both
Therefore, the wildcard mask is: 10011110 (158). The corresponding network octet is: 00000010 (2)
That gives you your second line.
Now for the last one. We need to allow 0,2,4,6,8,10,12,14 for the third octet. In binary, they are:
2 = 00000010
4 = 00000100
6 = 00000110
8 = 00001000
10 = 00001010
12 = 00001100
14 = 00001110
Bits 0-3 are common and should be zero
Bits 4-6 can be either 0 or 1 so they should be don't care bits
Bit 7 has to be 0 for both.
Therefore, the wildcard mask is: 00001110 (14). The corresponding network octet is: 00000000 (0)
Hope that helps - pls rate the post if it does.
Paresh
02-07-2006 08:37 PM
Whoops.. actually, I don't think the second line will work too well...it will match more addresses than necessary
need to give it a bit more thought..
PK
02-07-2006 08:47 PM
Ok, I don't think you can do better than 4 ACL lines for this requirement:
permit 1.1.1.1 0.0.0.0
permit 10.1.1.1 0.0.0.0
permit 150.1.1.1 0.0.0.0
permit 100.100.0.0 0.0.14.0
Happy to see any other suggestions...
Paresh
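The two candidate ACLs posted in this thread, checked programmatically (an added example, not part of any post): it expands each base/wildcard entry into the addresses it matches and compares the result with the required routes. Assumptions: the function names are illustrative, each entry is matched against the route's network address, and 100.100.0.0 counts as one of the even subnets, as in the answer above.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def entry_matches(addr, base, wildcard):
    """Wildcard bit 0 = must equal the base bit, 1 = don't care."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def expand(base, wildcard):
    """List every address an entry matches by iterating its don't-care bits."""
    w = to_int(wildcard)
    fixed = to_int(base) & ~w & 0xFFFFFFFF
    free = [1 << i for i in range(32) if w & (1 << i)]
    values = []
    for combo in range(1 << len(free)):
        value = fixed
        for n, bit in enumerate(free):
            if combo & (1 << n):
                value |= bit
        values.append(value)
    return [str(ipaddress.IPv4Address(v)) for v in sorted(values)]

def audit(entries, required):
    """Return (missing, extra) relative to the required set of routes."""
    permitted = set()
    for base, wildcard in entries:
        permitted.update(expand(base, wildcard))
    missing = sorted(set(required) - permitted, key=to_int)
    extra = sorted(permitted - set(required), key=to_int)
    return missing, extra

# Requirement as read in the thread (assumption: third octet 0 counts as even)
REQUIRED = [f"100.100.{x}.0" for x in range(0, 15, 2)]
REQUIRED += ["1.1.1.1", "10.1.1.1", "150.1.1.1"]

# The two candidate ACLs posted above (entries in evaluation order)
THREE_LINE = [("1.1.1.1", "0.0.0.0"), ("2.1.1.1", "158.0.0.0"),
              ("100.100.0.0", "0.0.14.0")]
FOUR_LINE = [("1.1.1.1", "0.0.0.0"), ("10.1.1.1", "0.0.0.0"),
             ("150.1.1.1", "0.0.0.0"), ("100.100.0.0", "0.0.14.0")]

if __name__ == "__main__":
    for name, acl in (("3-line", THREE_LINE), ("4-line", FOUR_LINE)):
        missing, extra = audit(acl, REQUIRED)
        print(f"{name}: missing={missing} extra={len(extra)} {extra[:5]}")
```

An empty `extra` list means the ACL permits exactly the required routes; anything in it would be accepted by the distribute-list even though the requirement never asked for it.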
02-07-2006 10:13 PM
I think this approach is reasonable, but I have no idea for b.
a. deny all odds
b. deny all greater than 16
c. permit all
02-07-2006 10:17 PM
Not sure what you are referring to here..
The 'permit 100.100.0.0 0.0.14.0' statement will meet your requirement:
- it will deny all odds (less than 15)
- it will deny all third octets greater than 16
Is that what you wanted or do you mean something else ?
Paresh
02-07-2006 10:22 PM
You missed these:
3. permit 150.1.1.1
4. permit 1.1.1.1
5. permit 10.1.1.1
02-07-2006 11:38 PM
For these three, I don't believe you can do any better than:
permit 1.1.1.1 0.0.0.0
permit 10.1.1.1 0.0.0.0
permit 150.1.1.1 0.0.0.0
Paresh