Cisco Support Community
Community Member

access list

Hi

Need to configure ACL for distribute-list :

1. 100.100.x.0

150.1.1.1

10.1.1.1

1.1.1.1

subnets are advertised by peer router.

2. permit less than x = 15 which is even like 14, 12, 10...

3. permit 150.1.1.1

4. permit 1.1.1.1

5. permit 10.1.1.1

6. use 3 lines of ACL for distribute-list

So, I think

a. deny all odds

b. deny all greater than 16

c. permit all

I have no idea for b. Does anybody have any idea for this question?

Many thanks

7 REPLIES
Purple

Re: access list

Here's your answer:

permit 1.1.1.1 0.0.0.0

permit 2.1.1.1 158.0.0.0

permit 100.100.0.0 0.0.14.0

You can't do anything with 1.1.1.1 so it takes up a line by itself.

Now, take 150.1.1.1 and 10.1.1.1. Their first octets in binary are:

150 = 10010100

10 = 00001010

Now, consider each bit in turn, starting from left (bit 0) to right (bit 7).

Bit 0 can be a don't care bit since it needs to match both 0 and 1

Bit 1 has to be 0 for both

Bit 2 has to be 0 for both

Bit 3 can be a don't care bit since it needs to match both 0 and 1

Bit 4 can be a don't care bit since it needs to match both 0 and 1

Bit 5 can be a don't care bit since it needs to match both 0 and 1

Bit 6 has to be 1 for both

Bit 7 has to be 0 for both

Therefore, the wildcard mask is: 10011110 (158). The corresponding network octet is: 00000010 (2)

That gives you your second line.

Now for the last one. We need to allow 0,2,4,6,8,10,12,14 for the third octet. In binary, they are:

2 = 00000010

4 = 00000100

6 = 00000110

8 = 00001000

10 = 00001010

12 = 00001100

14 = 00001110

Bits 0-3 are common and should be zero

Bits 4-6 can be either 0 or 1 so they should be don't care bits

Bit 7 has to be 0 for both.

Therefore, the wildcard mask is: 00001110 (14). The corresponding network octet is: 00000000 (0)

Hope that helps - pls rate the post if it does.

Paresh

Purple

Re: access list

Whoops.. actually, I don't think the second line will work too well...it will match more addresses than necessary

need to give it a bit more thought..

PK

Purple

Re: access list

Ok, I don't think you can do better than 4 ACL lines for this requirement:

permit 1.1.1.1 0.0.0.0

permit 10.1.1.1 0.0.0.0

permit 150.1.1.1 0.0.0.0

permit 100.100.0.0 0.0.14.0

Happy to see any other suggestions...

Paresh
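Added example, not part of any post in this thread: a Python check of the wildcard arithmetic discussed above, listing exactly which addresses a `base wildcard` entry matches and evaluating routes against the four-line ACL. The function names and the sample routes are constructed for illustration; first-match semantics with an implicit deny are assumed.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matches(addr, base, wildcard):
    """True if addr matches a 'base wildcard' entry (wildcard 1-bits are don't-care)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def expand(base, wildcard):
    """Every address an entry matches, by walking all subsets of the wildcard bits."""
    w = to_int(wildcard)
    fixed = to_int(base) & ~w & 0xFFFFFFFF
    out, sub = [], w
    while True:
        out.append(str(ipaddress.IPv4Address(fixed | sub)))
        if sub == 0:
            break
        sub = (sub - 1) & w  # next smaller subset of the don't-care bits
    return sorted(out, key=to_int)

def first_match(acl, addr):
    """Action of the first matching entry; unmatched addresses hit the implicit deny."""
    for action, base, wildcard in acl:
        if matches(addr, base, wildcard):
            return action
    return "deny"

# The four-line ACL from the post above.
FOUR_LINE_ACL = [
    ("permit", "1.1.1.1", "0.0.0.0"),
    ("permit", "10.1.1.1", "0.0.0.0"),
    ("permit", "150.1.1.1", "0.0.0.0"),
    ("permit", "100.100.0.0", "0.0.14.0"),
]

if __name__ == "__main__":
    merged = expand("2.1.1.1", "158.0.0.0")
    print(len(merged), "addresses matched by 2.1.1.1 158.0.0.0:", merged)
    print("third octets permitted by 100.100.0.0 0.0.14.0:",
          [a.split(".")[2] for a in expand("100.100.0.0", "0.0.14.0")])
    # Constructed sample routes.
    for route in ["100.100.14.0", "100.100.13.0", "100.100.16.0", "150.1.1.1", "2.1.1.1"]:
        print(route, "->", first_match(FOUR_LINE_ACL, route))
```

Running `expand` on any candidate merged entry before applying it to a distribute-list shows every prefix it would let through, not just the ones it was built for.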

Community Member

Re: access list

I think this approach is reasonable, but I have no idea for b.

a. deny all odds

b. deny all greater than 16

c. permit all

Purple

Re: access list

Not sure what you are referring to here..

The 'permit 100.100.0.0 0.0.14.0' statement will meet your requirement:

- it will deny all odds (less than 15)

- it will deny all third octets greater than 16

Is that what you wanted or do you mean something else ?

Paresh

Community Member

Re: access list

you missed these :

3. permit 150.1.1.1

4. permit 1.1.1.1

5. permit 10.1.1.1

Purple

Re: access list

For these three, I don't believe you can do any better than:

permit 1.1.1.1 0.0.0.0

permit 10.1.1.1 0.0.0.0

permit 150.1.1.1 0.0.0.0

Paresh
