
Re: Access list



On Wed, 19 Feb 2003, Scott Weeks wrote:

> Oops, I was running off to an emergency in the data center.  I should've
> waited to send the email until afterwards...

A handy tool to have is the old 'aggis'[1], which can nicely tell you the
requisite subnet magic to put in Cisco ACLs, e.g.:

$ aggis -D 192.168.33.50 - 192.168.33.58

  The range of nets from 192.168.33.50 to 192.168.33.58/32(0) can be
  represented by:

     192.168.33.50/31(0.0.0.1)  (  2 hosts: 192.168.33.50 - 192.168.33.51 )
     192.168.33.52/30(0.0.0.3)  (  4 hosts: 192.168.33.52 - 192.168.33.55 )
     192.168.33.56/31(0.0.0.1)  (  2 hosts: 192.168.33.56 - 192.168.33.57 )
     192.168.33.58/32(0)  (  1 host:  192.168.33.58 )

If you've got control over the actual range of addresses, it'll make your
future ACL work much easier to put it in a neat bit boundary, e.g.:

  The range of nets from 192.168.33.48 to 192.168.33.55/32(0) can be
  represented by:

     192.168.33.48/29(0.0.0.7)  (  8 hosts: 192.168.33.48 - 192.168.33.55 )

--==--
Bruce.

[1] I cannot find an official distribution site anymore, so grab it
    from http://www.amsterdamned.org/~bc/aggis .
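
The range-to-wildcard split shown in the message above, as an added example that is not part of the original post and is not aggis's own code. The function names are hypothetical; the `host` keyword and address/wildcard pair follow the usual Cisco IOS ACL form, and the two ranges are the ones quoted in the message.

```python
import ipaddress


def range_to_blocks(first, last):
    """Split an inclusive IPv4 range into the fewest bit-aligned blocks.

    Returns a list of (cidr, wildcard_mask, host_count) tuples.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Alignment limit: the lowest set bit of lo is the largest block
        # that can start at lo (0.0.0.0 can start a block of any size).
        size = lo & -lo if lo else 1 << 32
        # Length limit: shrink until the block no longer overruns hi, so
        # the ACL never matches an address outside the requested range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        wildcard = str(ipaddress.IPv4Address(size - 1))
        blocks.append((f"{ipaddress.IPv4Address(lo)}/{prefix}", wildcard, size))
        lo += size
    return blocks


def acl_source_terms(first, last):
    """Render each block as the source term of an ACL entry."""
    terms = []
    for cidr, wildcard, size in range_to_blocks(first, last):
        addr = cidr.split("/")[0]
        terms.append(f"host {addr}" if size == 1 else f"{addr} {wildcard}")
    return terms


if __name__ == "__main__":
    # Unaligned range from the message: four entries are needed.
    for term in acl_source_terms("192.168.33.50", "192.168.33.58"):
        print("permit ip", term, "any")
    # Range on a bit boundary: a single entry covers it.
    for term in acl_source_terms("192.168.33.48", "192.168.33.55"):
        print("permit ip", term, "any")
```

Covering the unaligned range with one wider mask instead (192.168.33.48 0.0.0.15) would also match .48, .49 and .59 through .63, which is why the split into exact blocks matters for a permit entry.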



-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org