Re: [nsp] Access list... grrrrr...

From: Greg Ketell (gketell@juniper.net)
Date: Mon Jan 24 2000 - 14:39:24 EST

Next message: Neil J. McRae: "Re: [nsp] CEF stability"
Previous message: Dave Bergum: "Re: [nsp] CEF stability"
In reply to: Evan McClure: "Re: [nsp] Access list... grrrrr..."
Next in thread: Charles Sprickman: "Re: [nsp] Access list... grrrrr..."
Reply: Charles Sprickman: "Re: [nsp] Access list... grrrrr..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

The easy way to keep them straight is to think of the mask in access-lists
as "don't care" bits.

A.B.C.D 0.0.0.63 would mean that I care about every bit in the A, B, and C
(there are no "don't care" bits), and in D I care about the first 2 bits
and don't care what the last 6 bits for matching purposes.

At 10:35 AM 1/24/00 -0800, Evan McClure wrote:
>On Mon, 24 Jan 2000, Daniele Orlandi wrote:
>
> > Xavier wrote:
> > >
> > > Allowing www traffic for a.b.c.d/26
> >
> > access-list 100 permit tcp any a.b.c.d 0.0.0.63 eq www
> >
> > > The cisco always changes my mask and/or address!?
> >
> > You are probably using 255.255.255.192 as the mask.
>
>
>I think Daniele was trying to say is that a standard type of access-lists
>uses a "wildcard mask". That's the "0.0.0.63" in Daniele's example.
>(That's something that you'll want to research and learn about.)
>
>Evan

Next message: Neil J. McRae: "Re: [nsp] CEF stability"
Previous message: Dave Bergum: "Re: [nsp] CEF stability"
In reply to: Evan McClure: "Re: [nsp] Access list... grrrrr..."
Next in thread: Charles Sprickman: "Re: [nsp] Access list... grrrrr..."
Reply: Charles Sprickman: "Re: [nsp] Access list... grrrrr..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:09 EDT