ACL Blocking 2 ports

Bear (Member, Weatherford, TX, USA):
Could someone please show me the steps? I need to block the even addresses to both ports on a router. I have the following setup.
Source Router A 174.22.0.129
sm 255.255.255.192
Destination Router B s0 174.22.0.66 e0 174.22.0.193
I need to block the even addresses from Router A from being able to telnet to Router B. I need to block both the s0 and e0 ports and allow the odd addresses to go through.
[This message has been edited by Bear (edited 01-10-2001).]
Posted 01-10-01 07:49 PM

MadChef (A Huge Fake, USA):
This is a NetAcad question, isn't it? We've seen it before....
I think this will do it when applied to RouterB S0 inbound.
ip access-list extended MadChef
deny tcp 174.22.0.128 0.0.0.62 any eq telnet
permit ip any any
MadChef
[This message has been edited by MadChef (edited 01-10-2001).]
Posted 01-10-01 08:46 PM

comez (Junior Member, Toronto, Canada):
What about the following?
access-list 101 deny tcp 174.22.0.128 0.0.0.62 destination-network mask eq 23
access-list 101 permit ip any any
Any comments?
Posted 01-10-01 08:47 PM

comez (Junior Member, Toronto, Canada):
Oops, MadChef, I had not seen your post while replying. I'm glad to learn that I did well. I know you're an expert.
Cheers.
Posted 01-10-01 08:53 PM

MadChef (A Huge Fake, USA):
I hesitated for a bit while doing the wildcard because I didn't take the time to do the math. (I'm VERY bad at creating masks in my head so I usually end up doing the binary on a piece of paper.) I was glad to see that someone else came up with the same answer. At least I have a shot at being right. 
Posted 01-10-01 09:01 PM

Bear (Member, Weatherford, TX, USA):
quote: Originally posted by MadChef:
I hesitated for a bit while doing the wildcard because I didn't take the time to do the math. (I'm VERY bad at creating masks in my head so I usually end up doing the binary on a piece of paper.) I was glad to see that someone else came up with the same answer. At least I have a shot at being right. 
Mad Chef
It worked. Could you explain 0.0.0.62? I do not understand this part.
Posted 01-10-01 10:02 PM

firechicken (Senior Member/Citizen, OR, United States):
For the destination address and wildcard mask in your ACL, use the host 174.22.0.66, or you could use that IP address and 0.0.0.0 as the wildcard mask. (Host and the wildcard mask 0.0.0.0 mean the same thing).
Posted 01-10-01 10:14 PM

MadChef (A Huge Fake, USA):
Write out the last octet of the source network and wildcard mask and compare. What happens when you apply those wildcarded bits to your source network?
MadChef
Posted 01-10-01 10:15 PM

Bear (Member, Weatherford, TX, USA):
quote: Originally posted by firechicken:
For the destination address and wildcard mask in your ACL, use the host 174.22.0.66, or you could use that IP address and 0.0.0.0 as the wildcard mask. (Host and the wildcard mask 0.0.0.0 mean the same thing).
I still do not understand why only 0.0.0.62 works; nothing else I tried will work.
Posted 01-10-01 10:35 PM

dmaftei (Senior Member, USA):
Look at the "deny tcp 174.22.0.128 0.0.0.62" rule. Write the address and the wildcard in binary:
10101110.00010110.00000000.10000000
00000000.00000000.00000000.00111110
Consider a packet going through this filter. The source address is masked with the wildcard. The bits in your address corresponding to "0" in the wildcard must match the corresponding bits in 174.22.0.128. Conversely, the bits corresponding to "1" in the wildcard don't have to match. Let's write an address that matches (174.22.0.178):
10101110.00010110.00000000.10110010
00000000.00000000.00000000.00111110
10101110.00010110.00000000.10XXXXX0
The "X"s on the last line tell you that you may have whatever you want in that position. Note, however, that the last bit MUST be "0" for your address to match. All binary numbers with the last (rightmost) bit "0" are even. That's what you need.
Hope this helps.
[This message has been edited by dmaftei (edited 01-10-2001).]
Posted 01-10-01 10:58 PM

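A worked model of the wildcard match dmaftei describes and of MadChef's two-line access list, added here as an example and not code from the thread or from Cisco IOS. It applies the wildcard rule bit by bit (a 1 bit in the wildcard is "don't care", a 0 bit must match), lists which hosts of the 174.22.0.128/26 network the pair 174.22.0.128 0.0.0.62 actually matches, and evaluates sample packets top-down through the list with the implicit deny at the end; the access-list model and the sample packets are constructed for this illustration.

```python
import ipaddress

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard is 'don't care',
    a 0 bit means that bit of addr must equal the same bit of base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def matched_hosts(base: str, wildcard: str, network: str) -> list:
    """Every usable host in `network` that the base/wildcard pair matches."""
    net = ipaddress.IPv4Network(network)
    return [str(h) for h in net.hosts() if wildcard_match(str(h), base, wildcard)]

# Constructed model of access-list 101 from the thread: first match wins.
# Entry fields: (action, protocol, src, src_wildcard, dst, dst_wildcard, dst_port)
ACL_101 = [
    ("deny",   "tcp", "174.22.0.128", "0.0.0.62",        "0.0.0.0", "255.255.255.255", 23),
    ("permit", "ip",  "0.0.0.0",      "255.255.255.255", "0.0.0.0", "255.255.255.255", None),
]

def acl_decision(acl, proto: str, src: str, dst: str, dport: int) -> str:
    """Return 'permit' or 'deny' for one packet by walking the list top-down
    (a simplified model of router evaluation, not IOS code)."""
    for action, p, s, swc, d, dwc, port in acl:
        if p != "ip" and p != proto:
            continue
        if not wildcard_match(src, s, swc) or not wildcard_match(dst, d, dwc):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"   # implicit "deny any" at the end of every Cisco access list

if __name__ == "__main__":
    # Only the even hosts 174.22.0.130 .. 174.22.0.190 are matched.
    print(matched_hosts("174.22.0.128", "0.0.0.62", "174.22.0.128/26"))
    print(acl_decision(ACL_101, "tcp", "174.22.0.178", "174.22.0.66", 23))  # deny
    print(acl_decision(ACL_101, "tcp", "174.22.0.177", "174.22.0.66", 23))  # permit
```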
ExamNotes forum archive