Re: [nsp] Access list... grrrrr...

From: Charles Sprickman (spork@inch.com)
Date: Mon Jan 24 2000 - 16:09:57 EST


I also found the attached C code on the ftp-eng site a very long time
ago. It basically asks for a starting address and an ending address then
spits out an access-list.

Just thought I'd share, as I wasn't able to find it on the Cisco ftp sites
last time I tried to point someone to it...

Charles

On Mon, 24 Jan 2000, Greg Ketell wrote:

> The easy way to keep them straight is to think of the mask in access-lists
> as "don't care" bits.
>
> A.B.C.D 0.0.0.63 would mean that I care about every bit in the A, B, and C
> (there are no "don't care" bits), and in D I care about the first 2 bits
> and don't care what the last 6 bits are for matching purposes.
>
> GK
>
>
> At 10:35 AM 1/24/00 -0800, Evan McClure wrote:
> >On Mon, 24 Jan 2000, Daniele Orlandi wrote:
> >
> > > Xavier wrote:
> > > >
> > > > Allowing www traffic for a.b.c.d/26
> > >
> > > access-list 100 permit tcp any a.b.c.d 0.0.0.63 eq www
> > >
> > > > The cisco always changes my mask and/or address!?
> > >
> > > You are probably using 255.255.255.192 as the mask.
> >
> >
> >I think what Daniele was trying to say is that a standard type of access-lists
> >uses a "wildcard mask". That's the "0.0.0.63" in Daniele's example.
> >(That's something that you'll want to research and learn about.)
> >
> >Evan
>
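
Added example, not part of the original message and not the C program attached to it: a sketch of the same idea (starting address and ending address in, access-list lines out) using the "don't care" wildcard masks discussed above. It generalizes from the single /26 in the thread to arbitrary ranges; the function names and the sample range 192.0.2.64 - 192.0.2.127 are assumptions, and the line format follows Daniele's example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A wildcard ("don't care") mask is the bitwise inverse of a netmask:
 * 255.255.255.192 -> 0.0.0.63 */
uint32_t wildcard_from_netmask(uint32_t netmask) { return ~netmask; }

static void fmt_ip(char *buf, size_t n, uint32_t ip) {
    snprintf(buf, n, "%u.%u.%u.%u", (unsigned)(ip >> 24),
             (unsigned)((ip >> 16) & 255), (unsigned)((ip >> 8) & 255), (unsigned)(ip & 255));
}

/* Cover [start, end] with the fewest aligned power-of-two blocks and
 * write one extended ACL line per block to out. Returns the number of
 * entries, or -1 on bad input or if out is too small. */
int range_to_acl(uint32_t start, uint32_t end, int acl, char *out, size_t outlen) {
    int count = 0;
    size_t used = 0;
    uint64_t cur = start, last = end;   /* 64-bit so 2^32 does not overflow */

    if (start > end || outlen == 0) return -1;
    out[0] = '\0';
    while (cur <= last) {
        /* Largest block aligned at cur: its lowest set bit (2^32 for cur == 0). */
        uint64_t size = cur ? (cur & (~cur + 1)) : (1ULL << 32);
        char ip[16], wc[16];
        int n;
        while (size > last - cur + 1) size >>= 1;     /* shrink to fit the range */
        fmt_ip(ip, sizeof ip, (uint32_t)cur);
        fmt_ip(wc, sizeof wc, (uint32_t)(size - 1));  /* the don't-care bits */
        n = snprintf(out + used, outlen - used,
                     "access-list %d permit tcp any %s %s eq www\n", acl, ip, wc);
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
        cur += size;
        count++;
    }
    return count;
}

int main(void) {
    char buf[1024];
    /* Constructed sample range: 192.0.2.64 - 192.0.2.127 (a /26) */
    if (range_to_acl(0xC0000240u, 0xC000027Fu, 100, buf, sizeof buf) > 0)
        fputs(buf, stdout);
    return 0;
}
```

A range that is not aligned on a power-of-two boundary produces several lines; an entry with wildcard 0.0.0.0 matches exactly one address.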





This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:09 EDT