Thanks for the vote of support. I'm still very new at this. However, I
have this habit of second guessing myself all the time, and I'm pretty sure
my response was incorrect.
The first two permit statements can be considered redundant because there
are no deny statements leading to the "10.0.0.0" network.
So that means the 3 statements relating to network "192.168.18.0" need to be
reworked into 2.
The first statement denies ip traffic from "172.22.30.0-172.22.30.255"
access to the node "192.168.18.27".
The second statement permits ip traffic from "172.22.0.0-172.22.31.255" to
access any nodes from "192.168.18.0-192.168.18.255", this exludes the
traffic denied already above.
The third statement denies ip traffic from "172.22.0.0-172.22.255.255"
access to any nodes from "192.168.18.64-192.168.18.127".
If the second statement is taken out, then the third statement denies it
before it is able to get to the permit all statement.
In order for the second statement to be taken out, the third statement needs
to be modified so that traffic from "172.22.32.0-172.22.255.255" is denied
access to any nodes from "192.168.18.64-192.168.18.127". I don't know if
this can be done by using a wildcard mask though, and I'm not able to figure
it out.
Sorry about the length, hopefully somebody can post the correct answer this
time. :-p
- Jeremy Felt
[EMAIL PROTECTED]
----- Original Message -----
From: "no mail"
To:
Sent: Monday, July 16, 2001 3:41 PM
Subject: Re: Access List problem. [7:12525]
> I like Jeremy's answer. It seems like the permit all at the end makes
> everything else except the denies redundant.
>
>
> ""Jeremy Felt"" wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I have a familiar feeling that I'm going to be completely off on this
one,
> > but hopefully the correct answer will be posted so I can figure out why.
> >
> > As long as the correct "deny" statements are there, it seems to me that
> the
> > other "permit" statements would be redundant when used with the "permit
> all"
> > statement at the end.....
> >
> > access-list 101 deny ip 172.22.30.0 0.0.0.255 192.168.18.27 0.0.0.0
> > access-list 101 deny ip 172.22.0.0 0.0.255.255 192.168.18.64 0.0.0.63
> > access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0
255.255.255.255
> >
> >
> > Looking forward to the answer,
> >
> > - Jeremy Felt
> > [EMAIL PROTECTED]
> >
> >
> > ----- Original Message -----
> > From: "Robert Fowler"
> > To:
> > Sent: Monday, July 16, 2001 2:05 PM
> > Subject: Access List problem. [7:12525]
...[snipped message]...
> > > access-list 101 permit ip 172.22.30.6 0.0.0.0 10.0.0.0 0.255.255.255
> > > access-list 101 permit ip 172.22.30.95 0.0.0.0 10.11.12.0 0.0.0.255
> > > access-list 101 deny ip 172.22.30.0 0.0.0.255 192.168.18.27 0.0.0.0
> > > access-list 101 permit ip 172.22.0.0 0.0.31.255 192.168.18.0 0.0.0.255
> > > access-list 101 deny ip 172.22.0.0 0.0.255.255 192.168.18.64 0.0.0.63
> > > access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0
> 255.255.255.255
> > >
> > > Have fun...
> > >
> > >
> > > Thank You,
> > > Robert Fowler
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12549&t=12525
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
