
RE: Access list



Essentially, you simply have to master one concept; your netmask wildcard
should be one number less than the number of hosts you need to specify.
However, please remember that valid ranges of the netmask wildcard
definitions are in values of 1, 3, 5, 7, 9, 11, 13, 15... etc. up to 255.

Regards,

Mark Tinka - CCNA
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug



-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org]On Behalf Of
Bruce Campbell
Sent: Wednesday, February 19, 2003 8:14 PM
To: afnog at afnog.org
Subject: Re: Access list


On Wed, 19 Feb 2003, Scott Weeks wrote:

> Oops, I was running off to an emergency in the data center.  I should've
> waited to send the email until afterwards...

A handy tool to have is the old 'aggis'[1], which can nicely tell you the
requisite subnet magic to put in cisco ACLs, eg:

$ aggis -D 192.168.33.50 - 192.168.33.58

  The range of nets from 192.168.33.50 to 192.168.33.58/32(0) can be
  represented by:

     192.168.33.50/31(0.0.0.1)  (  2 hosts: 192.168.33.50 - 192.168.33.51 )
     192.168.33.52/30(0.0.0.3)  (  4 hosts: 192.168.33.52 - 192.168.33.55 )
     192.168.33.56/31(0.0.0.1)  (  2 hosts: 192.168.33.56 - 192.168.33.57 )
     192.168.33.58/32(0)  (  1 host:  192.168.33.58 )

If you've got control over the actual range of addresses, it'll make your
future ACL work much easier to put it in a neat bit boundary, eg:

  The range of nets from 192.168.33.48 to 192.168.33.55/32(0) can be
  represented by:

     192.168.33.48/29(0.0.0.7)  (  8 hosts: 192.168.33.48 - 192.168.33.55 )

--==--
Bruce.

[1] I cannot find an official distribution site anymore, so grab it
    from http://www.amsterdamned.org/~bc/aggis .



-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org
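
Added example (not part of the original thread, and not the aggis tool's own code): a Python version of the range-to-block decomposition shown in the aggis output above, with each block's wildcard computed as its host count minus one. The names range_to_acl_blocks and acl_lines and the ACL number 10 are assumptions made for illustration.

```python
import ipaddress


def range_to_acl_blocks(first, last):
    """Split an inclusive IPv4 range into the fewest bit-aligned blocks.

    Returns (network, prefix_len, wildcard, host_count) tuples.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Alignment limit: a block starting at lo can be no larger than
        # lo's lowest set bit (address 0 can start a block of any size).
        size = lo & -lo if lo else 1 << 32
        # Halve the block until it no longer runs past the end of the range.
        while lo + size - 1 > hi:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        wildcard = str(ipaddress.IPv4Address(size - 1))  # hosts minus one
        blocks.append((str(ipaddress.IPv4Address(lo)), prefix, wildcard, size))
        lo += size
    return blocks


def acl_lines(first, last, acl_number=10, action="permit"):
    """Render each block as a Cisco IOS standard ACL entry.

    acl_number=10 is an assumed value; use whichever list you are editing.
    """
    return [
        f"access-list {acl_number} {action} {net} {wildcard}"
        for net, _prefix, wildcard, _hosts in range_to_acl_blocks(first, last)
    ]


if __name__ == "__main__":
    # The two ranges from the aggis runs quoted in the thread.
    for start, end in (("192.168.33.50", "192.168.33.58"),
                       ("192.168.33.48", "192.168.33.55")):
        print(f"{start} - {end}")
        for line in acl_lines(start, end):
            print("  " + line)
```

Running it on the unaligned range yields four ACL entries, while the bit-aligned range collapses to one, which is the maintenance saving the thread describes.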



