Re: [nsp] ACL's

From: Majdi Abbas (majdi@puck.nether.net)
Date: Tue Oct 05 1999 - 14:40:20 EDT


> I'm trying to restrict telnet access to our router. What I did was
> create an access list like so:
>
> access-list 13 permit 192.168.0.0 0.0.0.255 which allows only access
> from that /24.
-snip-
> However, if I want to restrict access to ONE machine, say 192.168.0.8,
> what should the above read? access-list 13 permit 192.168.8.0
> 252.255.255.255??? I can't seem to get my head around the subnet mask

        .0 is the network (formerly broadcast ;) address. So that
wouldn't quite work. However, there's an easier way:

        access-list 13 permit host 192.168.13.13

        As for subnet masks: Why couldn't you have a mask of
255.255.255.255? All a mask is is a way of telling equipment
which bits they have to pay attention to; setting it to all
ones is perfectly valid.

        --msa
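
Added illustration, not part of the original message or of any Cisco tooling: a small Python evaluator for the standard ACL lines discussed in this thread. It assumes IOS wildcard-mask semantics (a 0 bit must match, a 1 bit is ignored, so `host A` is the same as `A 0.0.0.0`); the function names and test addresses are constructed for the example.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse 'access-list N permit|deny <source>' into (action, base, wildcard)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not a standard ACL line: " + line)
    action, src = tok[2], tok[3:]
    if src[0] == "any":
        return action, 0, MASK32            # every bit ignored
    if src[0] == "host" and len(src) == 2:
        return action, to_int(src[1]), 0    # every bit must match
    if len(src) == 2:
        return action, to_int(src[0]), to_int(src[1])
    raise ValueError("unsupported source: " + " ".join(src))

def entry_matches(entry, addr):
    _, base, wild = entry
    care = ~wild & MASK32                   # bits the entry actually compares
    return (to_int(addr) & care) == (base & care)

def evaluate(acl_lines, addr):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for line in acl_lines:
        entry = parse_entry(line)
        if entry_matches(entry, addr):
            return entry[0]
    return "deny"

def match_count(line):
    """Number of source addresses one entry matches (2^ignored bits)."""
    return 2 ** bin(parse_entry(line)[2]).count("1")

if __name__ == "__main__":
    for line in ("access-list 13 permit 192.168.0.0 0.0.0.255",
                 "access-list 13 permit host 192.168.13.13",
                 "access-list 13 permit 192.168.8.0 252.255.255.255"):
        print(match_count(line), "address(es) matched by:", line)
```

Running candidate entries through a check like this before applying them to the vty lines shows how wide each one really is.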


