--> Access lists are most commonly used for filtering networks.
--> For example, suppose we have the following 4 networks:
10.1.0.0/24
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24
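--> If you want to filter the odd networks by using an ACL, the address and wildcard mask will be like this (the last bit of the 3rd octet must be 1, the other bits of that octet are ignored)
access-list 10.1.1.0 0.0.254.255
--> If you want to filter the even networks by using an ACL, the address and wildcard mask will be like this (the last bit of the 3rd octet must be 0)
access-list 10.1.0.0 0.0.254.255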
--> If you want to block some networks (10.1.12.0/24, 10.1.28.0/24, 10.1.90.0/24, 10.1.100.0/24) out of the following networks:
10.1.12.0/24
10.1.17.0/24
10.1.28.0/24
10.1.65.0/24
10.1.90.0/24
10.1.95.0/24
10.1.100.0/24
Steps
1) Convert the networks which you want to filter into binary format.
00001010.00000001.00001100.00000000
00001010.00000001.00011100.00000000
00001010.00000001.01011010.00000000
00001010.00000001.01100100.00000000
2) Write down the bits which are common (in the 3rd octet)
Bits 1 and 8 are common (both are 0 in all four networks)
3) Write the wildcard mask: 0 for the common bits (must match), 1 for the bits that differ (ignored)
01111110 = 126
0.0.126.255
4) Write the network portion (same bits)
10.1.0.0
access-list 10 deny 10.1.0.0 0.0.126.255
access-list 10 permit any
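The four steps above as an added example (not part of the original post): it derives the address and wildcard for a set of networks by marking every differing bit as 1 (ignore) and every common bit as 0 (must match), then checks which of the listed networks the entry matches. The function names are illustrative, and the sample lists are constructed from the networks on this page.

```python
import ipaddress

# Constructed sample input: the networks listed on the page.
ALL = ["10.1.12.0/24", "10.1.17.0/24", "10.1.28.0/24", "10.1.65.0/24",
       "10.1.90.0/24", "10.1.95.0/24", "10.1.100.0/24"]
BLOCK = ["10.1.12.0/24", "10.1.28.0/24", "10.1.90.0/24", "10.1.100.0/24"]

def to_int(dotted):
    return int(ipaddress.ip_address(dotted))

def summarize(networks):
    """Return (address, wildcard) for one ACL entry covering every network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = int(nets[0].network_address)
    wildcard = 0
    for n in nets:
        wildcard |= int(n.hostmask)                  # host bits: always ignored
        wildcard |= first ^ int(n.network_address)   # differing bits: ignored
    address = first & ~wildcard & 0xFFFFFFFF         # keep only the common bits
    return str(ipaddress.ip_address(address)), str(ipaddress.ip_address(wildcard))

def matches(ip, address, wildcard):
    """IOS-style test: compare only the bit positions where the wildcard is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(address) & care)

def matched(candidates, address, wildcard):
    """Networks from candidates whose network address the entry matches."""
    return [c for c in candidates
            if matches(str(ipaddress.ip_network(c).network_address), address, wildcard)]

def count_24s(wildcard):
    """Number of /24 networks matched: 2^(ignored bits in octets 1-3)."""
    return 2 ** bin(to_int(wildcard) >> 8).count("1")

if __name__ == "__main__":
    addr, wc = summarize(BLOCK)
    print(f"access-list 10 deny {addr} {wc}")
    print("access-list 10 permit any")
    print("matched from the list:", matched(ALL, addr, wc))
    print("total /24 networks matched:", count_24s(wc))
```

A single entry built this way matches every combination of the ignored bits, so it covers 64 /24 networks (every even 3rd octet from 0 to 126), not only the four listed. Before applying it, check that no other network in that range needs to pass.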