Re: Access List problem. [7:12525]

Tue, 17 Jul 2001 05:58:09 -0700 

Line 6 should be there.

Line 5 define subset of line 6 with type of deny and is widest range in
prior lines.
should stay.

Line 4 source address is in range of 5 with type of permit. destination
address out of
range of 5, so, it equivalence to: permit x.x.x.x 0.0.31.255 y.y.y.y
0.0.0.63. This line
should stay.

Line 3's destination address out of range 4, 5. and fall into 6 with deny.
so, it should
stay.

Line 1, 2 are all in range 6 with permit, is overlapped.

Then, the access-list become:

1.access-list 101 deny ip 172.22.30.0 0.0.0.255 192.168.18.27 0.0.0.0
2.access-list 101 permit ip 172.22.0.0 0.0.31.255 192.168.18.64 0.0.0.63
3.access-list 101 deny ip 172.22.0.0 0.0.255.255 192.168.18.64 0.0.0.63
4.access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

If it is not wrong with my derive above and original access is equivalent to
access list
above, it is ealy to prove that none of those lines can be removed any more.
So, I think
4 lines access list required.

Robert Fowler wrote:

> Someone sent me this and I just can't figure it out. I've been staring at
it
> and trying things since last week. Any ideas?
>
> Jeff Doyle says this access-list can be rewritten with 3 lines and still
> provide the same functionality.  Let me know if you guys figure out:
>
> access-list 101 permit ip 172.22.30.6 0.0.0.0 10.0.0.0 0.255.255.255
> access-list 101 permit ip 172.22.30.95 0.0.0.0 10.11.12.0 0.0.0.255
> access-list 101 deny ip 172.22.30.0 0.0.0.255 192.168.18.27 0.0.0.0
> access-list 101 permit ip 172.22.0.0 0.0.31.255 192.168.18.0 0.0.0.255
> access-list 101 deny ip 172.22.0.0 0.0.255.255 192.168.18.64 0.0.0.63
> access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
>
> Have fun...
>
> Thank You,
> Robert Fowler

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of jeffrey.wang.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12635&t=12525
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to