access list

ikizoo4
Level 1

Hi

I need to configure an ACL for a distribute-list:

1. 100.100.x.0

150.1.1.1

10.1.1.1

1.1.1.1

subnets are advertised by peer router.

2. permit less than x = 15 which is even like 14, 12, 10...

3. permit 150.1.1.1

4. permit 1.1.1.1

5. permit 10.1.1.1

6. use 3 lines of ACL for the distribute-list

So, I think:

a. deny all odds

b. deny all greater than 16

c. permit all

I have no idea for b. Does anybody have any idea for this question?

Many thanks

7 Replies

pkhatri
Level 11

Here's your answer:

permit 1.1.1.1 0.0.0.0

permit 2.1.1.1 158.0.0.0

permit 100.100.0.0 0.0.14.0

You can't do anything with 1.1.1.1 so it takes up a line by itself.

Now, take 150.1.1.1 and 10.1.1.1. Their first octets in binary are:

150 = 10010100

10 = 00001010

Now, consider each bit in turn, starting from left (bit 0) to right (bit 7).

Bit 0 can be a don't care bit since it needs to match both 0 and 1

Bit 1 has to be 0 for both

Bit 2 has to be 0 for both

Bit 3 can be a don't care bit since it needs to match both 0 and 1

Bit 4 can be a don't care bit since it needs to match both 0 and 1

Bit 5 can be a don't care bit since it needs to match both 0 and 1

Bit 6 has to be 1 for both

Bit 7 has to be 0 for both

Therefore, the wildcard mask is: 10011110 (158). The corresponding network octet is: 00000010 (2)

That gives you your second line.

Now for the last one. We need to allow 0,2,4,6,8,10,12,14 for the third octet. In binary, they are:

2 = 00000010

4 = 00000100

6 = 00000110

8 = 00001000

10 = 00001010

12 = 00001100

14 = 00001110

Bits 0-3 are common and should be zero

Bits 4-6 can be either 0 or 1 so they should be don't care bits

Bit 7 has to be 0 for both.

Therefore, the wildcard mask is: 00001110 (14). The corresponding network octet is: 00000000 (0)

Hope that helps - please rate the post if it does.

Paresh

Whoops... actually, I don't think the second line will work too well... it will match more addresses than necessary.

I need to give it a bit more thought...

PK

Ok, I don't think you can do better than 4 ACL lines for this requirement:

permit 1.1.1.1 0.0.0.0

permit 10.1.1.1 0.0.0.0

permit 150.1.1.1 0.0.0.0

permit 100.100.0.0 0.0.14.0

Happy to see any other suggestions...

Paresh
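The mask derivation Paresh walks through above (OR together the bits on which the addresses differ, clear those bits in the network) can be checked mechanically, and the same arithmetic shows how many addresses a wildcard entry admits, which is what made the original 2-line attempt overmatch. This is an added example in Python, not code from the thread; the function names are my own.

```python
"""Wildcard-mask derivation and match enumeration for Cisco-style ACL entries."""
from ipaddress import IPv4Address
from itertools import product

MASK32 = 0xFFFFFFFF


def to_int(addr: str) -> int:
    return int(IPv4Address(addr))


def derive_wildcard(addresses):
    """Smallest wildcard (1 = don't care) covering every address in the list.
    A bit becomes don't-care wherever any two addresses differ; the network
    is the first address with the don't-care bits cleared."""
    ints = [to_int(a) for a in addresses]
    wildcard = 0
    for n in ints:
        wildcard |= n ^ ints[0]
    network = ints[0] & ~wildcard & MASK32
    return str(IPv4Address(network)), str(IPv4Address(wildcard))


def matches(addr, network, wildcard):
    """True if the entry 'permit network wildcard' admits addr."""
    w = to_int(wildcard)
    return (to_int(addr) & ~w & MASK32) == (to_int(network) & ~w & MASK32)


def match_count(wildcard):
    """Every don't-care bit doubles the set, so the entry admits 2**popcount."""
    return 1 << bin(to_int(wildcard)).count("1")


def matched_addresses(network, wildcard, limit=4096):
    """Enumerate every address the entry admits (capped to keep it sane)."""
    w = to_int(wildcard)
    base = to_int(network) & ~w & MASK32
    free_bits = [b for b in range(32) if (w >> b) & 1]
    if 1 << len(free_bits) > limit:
        raise ValueError("too many don't-care bits to enumerate")
    out = []
    for combo in product((0, 1), repeat=len(free_bits)):
        n = base
        for bit, val in zip(free_bits, combo):
            n |= val << bit
        out.append(str(IPv4Address(n)))
    return sorted(out, key=to_int)


if __name__ == "__main__":
    print(derive_wildcard(["150.1.1.1", "10.1.1.1"]), match_count("156.0.0.0"))
    print(matched_addresses("100.100.0.0", "0.0.14.0"))
```

Feeding the even third octets 0 to 14 into derive_wildcard reproduces the 100.100.0.0 0.0.14.0 line, while one entry covering 150.1.1.1 and 10.1.1.1 has four don't-care bits and therefore admits 16 first-octet values, not 2.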

I think this approach is reasonable, but I have no idea for b.

a. deny all odds

b. deny all greater than 16

c. permit all

Not sure what you are referring to here...

The 'permit 100.100.0.0 0.0.14.0' statement will meet your requirement:

- it will deny all odds (less than 15)

- it will deny all third octets greater than 16

Is that what you wanted or do you mean something else ?

Paresh

You missed these:

3. permit 150.1.1.1

4. permit 1.1.1.1

5. permit 10.1.1.1

For these three, I don't believe you can do any better than:

permit 1.1.1.1 0.0.0.0

permit 10.1.1.1 0.0.0.0

permit 150.1.1.1 0.0.0.0

Paresh