Re: Access-List questions [7:31001]

Hunt Lee Sat, 05 Jan 2002 15:34:45 -0800

Ok - here's what I understand so far:

to permit range only 10.10.10.40 - 10.10.10.49


128  64  32  16  8  4  2  1

               1         1                         40
               1         1          1             41
               1         1       1 0             42
               1         1       1 1             43
               1         1   1  0 0             44
               1         1   1  0 1             45
               1         1   1  1 0             46
               1         1   1  1 1             47
               1   1    0   0  0 0             48
               1   1    0   0  0 1             49
                                                      ..
                                                      ..
               1   1    1   1  1 1             63


Until I draw this out, I realize if I use 10.10.10.40 0.0.0.31
(16+8+4+2+1=31, the last 5 bits unchecked), it would include addresses all
the way to 10.10.10.63

So then, I split off the first part

128  64  32  16  8  4  2  1

               1         1                         40
               1         1          1             41
               1         1       1 0             42
               1         1       1 1             43
               1         1   1  0 0             44
               1         1   1  0 1             45
               1         1   1  1 0             46
               1         1   1  1 1             47

getting => 10.10.10.40 0.0.0.7 (4+2+1=7, the last 3 bits unchecked) - and
since this includes the range of 10.10.10.40 to 10.10.10.47, the next range
will start with 10.10.10.48:

128  64  32  16  8  4  2  1

               1   1    0   0  0 0             48
               1   1    0   0  0 1             49

getting => 10.10.10.48 0.0.0.1 (the last 1 bit unchecked) - hence getting
the range of 10.10.10.48 to 10.10.10.49

Am I on the right track? - and I'm very sorry for the long message (I just
want you guys to check whether my processes are correct or not)

And if I'm correct, is there any faster way than this?

Thanks again.

Hunt




""D. J. Jones""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Think of it in the same terms as you would a normal subnet mask Lee.
>
> You want to permit address 10.10.10.40 thru 10.10.10.49.
> 10.10.10.40 255.255.255.248 is equal to 10.10.10.40 0.0.0.7 and
> includes the addresses 10.10.10.40 thru 10.10.10.47. Furthermore,
> 10.10.10.48 255.255.255.254 is equal to 10.10.10.48 0.0.0.1 and
> includes the addresses 10.10.10.48 thru 10.10.10.49.
>
> Try to always think binary.  In this case the first range falls on an 8
bit
> boundary with the range 0 1 2 3 4 5 6 7.  The second ranges starts
> on an 8 bit boundary with the range 0 1.  You should now be able to see
> that as 0.0.0.7 and 0.0.0.1.  Hope this helps.
> ""Hunt Lee""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Thanks for the response guys  :)  But can anyone explain to me how do
you
> > guys derive:
> >
> > 10.10.10.40 0.0.0.7 & 10.10.10.48 0.0.0.1
> >
> > And also, for the second statement, how do you know 48 has to be placed
in
> > the fourth octet?
> >
> > I'm still very confused, but thanks for your help in advance.
> >
> > Best Regards,
> > Hunt Lee
> >
> >
> > ""Gaz""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > You're not wrong, spotted the previous mistake, you just missed off an
> > > address. That's a nice way of putting it eh?
> > >
> > > Changing your second line to Permit 10.10.10.48 0.0.0.1 will do the
> trick
> > > because it allows 48 and 49 through.
> > >
> > > Regards,
> > >
> > > Gaz
> > >
> > >
> > > ""Shengtao""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > I think "Permit 10.10.10.40 0.0.0.7" will allow 40-47, and you need
> > > another
> > > > statement " Permit 10.10.10.48 0.0.0.0" to allow 48 to get through.
> > > >
> > > > Am I worng?
> > > >
> > > >
> > > > ""Godswill HO""  wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > Hi,
> > > > >
> > > > > Try the following:
> > > > >
> > > > > IP access-list standard allowed
> > > > > Permit 10.10.10.40 0.0.0.7
> > > > > Permit  10.10.10.49 0.0.0.0
> > > > >
> > > > > The first permit statement allow addresses n.n.n.40 to n.n.n.48,
> while
> > > the
> > > > > last one allow address n.n.n.49. There is no way you can deny
whole
> > > range
> > > > > without affecting other addresses with one single statement.
> > > > >
> > > > > When appliying it to your interface say:
> > > > >
> > > > > Router(config-if)#IP access-group allowed in
> > > > >
> > > > > Regards.
> > > > > Oletu
> > > > >
> > > > > ----- Original Message -----
> > > > > From: Hunt Lee
> > > > > To:
> > > > > Sent: Friday, January 04, 2002 9:29 PM
> > > > > Subject: Access-List questions [7:31001]
> > > > >
> > > > >
> > > > > > Hello there,
> > > > > >
> > > > > > I need some help on Access-Lists:
> > > > > >
> > > > > > Say if I want to permit network access to only 10.10.10.1 -
> > > 10.10.10.254
> > > > > >
> > > > > > I know you can simply use:
> > > > > >
> > > > > > Access-list 10 permit 10.10.10.0 0.0.0.255
> > > > > >
> > > > > > However, if I want to only permit the range of 10.10.10.40 to
> > > > 10.10.10.49
> > > > > > (inclusive), then what should I do?
> > > > > >
> > > > > > Any help is greatly appreciated.
> > > > > >
> > > > > > Best Regards,
> > > > > > Hunt Lee
> > > > > > IP Solution Analyst
> > > > > > Cable & Wireless
> > > > > _________________________________________________________
> > > > > Do You Yahoo!?
> > > > > Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31035&t=31001
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access-List questions [7:31001]

Reply via email to