Velocity Reviews


david 01-22-2004 02:43 AM

Access list
 
Please help me. I am trying to build an access list to permit only
traffic from .180 to .240 hosts.
My network address is 192.168.1.0 255.255.255.0

I have come up with only hosts from 192 and above:
access-list 1 permit 192.168.1.192 0.0.0.63

Any suggestion on how I would include the 180 and exclude the 240 and
above?

thanks

Bryan Martin 01-22-2004 02:55 AM

Re: Access list
 
access-list 101 permit tcp any host 192.168.1.180 0.0.0.15

This should allow 177 - 190 then you can deny 177 - 179 if you must

Bryan Martin

"david" <athaided@hotmail.com> wrote in message
news:cade243d.0401211843.68721d92@posting.google.com...
> Please help me i am trying to build an accesslist to permit only
> traffic from .180 to .240 hosts
> My network address is 192.168.1.0 255.255.255.0
>
> I have come up with only host from 192 and above
> access-list 1 permit 192.168.1.192 0.0.0.63
>
> Any suggestion on how i would include the 180 and exclude the 240 and
> above
>
> thanks




Walter Roberson 01-22-2004 03:02 AM

Re: Access list
 
In article <cade243d.0401211843.68721d92@posting.google.com>,
david <athaided@hotmail.com> wrote:
:Please help me i am trying to build an accesslist to permit only
:traffic from .180 to .240 hosts

:I have come up with only host from 192 and above
:access-list 1 permit 192.168.1.192 0.0.0.63

:Any suggestion on how i would include the 180 and exclude the 240 and
:above

access-list 1 permit 192.168.1.180 0.0.0.3
access-list 1 permit 192.168.1.184 0.0.0.7
access-list 1 permit 192.168.1.192 0.0.0.31
access-list 1 permit 192.168.1.224 0.0.0.15
--
This signature intentionally left... Oh, darn!

Walter Roberson 01-22-2004 03:07 AM

Re: Access list
 
In article <zYGPb.260$F86.40093@twister.southeast.rr.com>,
Bryan Martin <uce@ftc.gov> wrote:
:access-list 101 permit tcp any host 192.168.1.180 0.0.0.15

:This should allow 177 - 190 then you can deny 177 - 179 if you must

Surely that wouldn't be allowed -- it would complain that 180 didn't
match the .15 bitmask.
--
Most Windows users will run any old attachment you send them, so if
you want to implicate someone you can just send them a Trojan
-- Adam Langley

Hansang Bae 01-23-2004 04:48 AM

Re: Access list
 
> In article <zYGPb.260$F86.40093@twister.southeast.rr.com>,
> Bryan Martin <uce@ftc.gov> wrote:
> :access-list 101 permit tcp any host 192.168.1.180 0.0.0.15
> :This should allow 177 - 190 then you can deny 177 - 179 if you must


would allow 176-191...


In article <buneqb$4h3$1@canopus.cc.umanitoba.ca>, roberson@ibd.nrc-
cnrc.gc.ca says...
> Surely that wouldn't be allowed -- it would complain that 180 didn't
> match the .15 bitmask.



I don't see why not. It's just a bit mask pattern - no subnet
restrictions or anything like that.


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
********************************************************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

Barry Margolin 01-23-2004 07:40 PM

Re: Access list
 
In article <MPG.1a7a71b07cb2180a989bb1@news-server.nyc.rr.com>,
Hansang Bae <uonr@alp.ee.pbz> wrote:

> > In article <zYGPb.260$F86.40093@twister.southeast.rr.com>,
> > Bryan Martin <uce@ftc.gov> wrote:
> > :access-list 101 permit tcp any host 192.168.1.180 0.0.0.15
> > :This should allow 177 - 190 then you can deny 177 - 179 if you must

>
> would allow 176-191...
>
>
> In article <buneqb$4h3$1@canopus.cc.umanitoba.ca>, roberson@ibd.nrc-
> cnrc.gc.ca says...
> > Surely that wouldn't be allowed -- it would complain that 180 didn't
> > match the .15 bitmask.

>
>
> I don't see why not. It's just a bit mask pattern - no subnet
> restrictions or anything like that.


Although it would be nice if the ACL parser warned when you're masking
off non-zero bits. It's almost never intentional. And in the case
where you mistakenly enter a subnet mask in place of a wildcard mask, it
has the exact opposite results than were intended. E.g. if you do:

access-list 1 deny 10.0.0.0 255.0.0.0

it's equivalent to:

access-list 1 deny 0.0.0.0 255.0.0.0

which only blocks addresses 0.x.x.x.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
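
The wildcard-mask behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python lint that reports the address an entry effectively compares against and warns when address bits are masked off or when the mask has the shape of a subnet mask. The names `parse`, `matches` and `lint` are hypothetical, and the second sample line is constructed from the address and mask discussed above.

```python
import ipaddress
import re

# Added example (not from the thread). Parses standard ACL entries of the
# form "access-list N permit|deny ADDRESS WILDCARD"; parse(), matches() and
# lint() are hypothetical helper names.
ENTRY = re.compile(r"access-list\s+\d+\s+(?:permit|deny)\s+(\S+)\s+(\S+)\s*$")
ALL_ONES = 0xFFFFFFFF

def parse(line):
    m = ENTRY.search(line)
    if not m:
        raise ValueError("not a standard ACL entry: %r" % line)
    return tuple(int(ipaddress.IPv4Address(x)) for x in m.groups())

def matches(line, host):
    """True if host agrees with the entry on every bit the wildcard does not ignore."""
    addr, wild = parse(line)
    diff = int(ipaddress.IPv4Address(host)) ^ addr
    return (diff & ~wild & ALL_ONES) == 0

def lint(line):
    """Return (effective_address, warnings) for one entry."""
    addr, wild = parse(line)
    warnings = []
    ignored = addr & wild          # address bits the wildcard throws away
    if ignored:
        warnings.append("non-zero address bits masked off: %s"
                        % ipaddress.IPv4Address(ignored))
    care = ~wild & ALL_ONES        # bits that are actually compared
    # A subnet mask has its ones on the left, so its compared bits form a
    # solid run on the right; a normal wildcard is the other way round.
    if wild not in (0, ALL_ONES) and (care & (care + 1)) == 0:
        warnings.append("mask looks like a subnet mask, not a wildcard")
    return str(ipaddress.IPv4Address(addr & care)), warnings

if __name__ == "__main__":
    samples = [
        "access-list 1 deny 10.0.0.0 255.0.0.0",         # from the post above
        "access-list 1 permit 192.168.1.180 0.0.0.15",   # constructed
        "access-list 1 permit 192.168.1.192 0.0.0.31",   # from the thread
    ]
    for s in samples:
        print(s, "->", lint(s))
    # With wildcard 255.0.0.0 only the last three octets are compared.
    print(matches(samples[0], "10.1.2.3"), matches(samples[0], "172.0.0.0"))
```
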

homer 06-22-2007 07:19 PM

access-list 1 permit 192.168.1.184 0.0.0.7

would only permit .180 - .187. What about 188-191?

Quote:

Originally Posted by Walter Roberson
In article <cade243d.0401211843.68721d92@posting.google.com>,
david <athaided@hotmail.com> wrote:
:Please help me i am trying to build an accesslist to permit only
:traffic from .180 to .240 hosts

:I have come up with only host from 192 and above
:access-list 1 permit 192.168.1.192 0.0.0.63

:Any suggestion on how i would include the 180 and exclude the 240 and
:above

access-list 1 permit 192.168.1.180 0.0.0.3
access-list 1 permit 192.168.1.184 0.0.0.7
access-list 1 permit 192.168.1.192 0.0.0.31
access-list 1 permit 192.168.1.224 0.0.0.15
--
This signature intentionally left... Oh, darn!
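
The range question running through this thread, as an added example that is not part of any poster's message: Python that lists which last-octet hosts each quoted entry matches, audits a set of permit entries against a wanted host range, and derives the aligned blocks needed to cover a range. It assumes the hosts differ only in the last octet of 192.168.1.0/24, and all function names are hypothetical.

```python
import ipaddress

# Added example (not from the thread). Assumes the hosts of interest differ
# only in the last octet of 192.168.1.0/24; all function names are hypothetical.

def matched_octets(address, wildcard):
    """Last-octet values of the address's /24 that the entry matches."""
    a = int(ipaddress.IPv4Address(address))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    base = a & 0xFFFFFF00
    return [h for h in range(256) if (((base | h) ^ a) & care) == 0]

def audit(entries, lo, hi):
    """Compare permit entries with the wanted range; return (missing, extra)."""
    permitted = set()
    for address, wildcard in entries:
        permitted.update(matched_octets(address, wildcard))
    wanted = set(range(lo, hi + 1))
    return sorted(wanted - permitted), sorted(permitted - wanted)

def cover(prefix, lo, hi):
    """Split lo..hi into aligned power-of-two blocks, one entry per block."""
    entries = []
    while lo <= hi:
        size = (lo & -lo) or 256          # largest block that can start at lo
        while size > hi - lo + 1:         # shrink until it fits in the range
            size //= 2
        entries.append(("%s.%d" % (prefix, lo), "0.0.0.%d" % (size - 1)))
        lo += size
    return entries

# Entries quoted in the thread.
FIRST_ATTEMPT = [("192.168.1.192", "0.0.0.63")]
FOUR_ENTRIES = [("192.168.1.180", "0.0.0.3"), ("192.168.1.184", "0.0.0.7"),
                ("192.168.1.192", "0.0.0.31"), ("192.168.1.224", "0.0.0.15")]

if __name__ == "__main__":
    for address, wildcard in FOUR_ENTRIES:
        hosts = matched_octets(address, wildcard)
        print("%s %s matches .%d-.%d" % (address, wildcard, hosts[0], hosts[-1]))
    print("180-239 (missing, extra):", audit(FOUR_ENTRIES, 180, 239))
    print("180-240 (missing, extra):", audit(FOUR_ENTRIES, 180, 240))
    print("cover 180-240:", cover("192.168.1", 180, 240))
```
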


