Re: Access list
On Wed, 19 Feb 2003, Scott Weeks wrote:

> Oops, I was running off to an emergency in the data center. I should've
> waited to send the email until afterwards...

A handy tool to have is the old 'aggis'[1], which can nicely tell you the
requisite subnet magic to put in Cisco ACLs, eg:

$ aggis -D 192.168.33.50 - 192.168.33.58
The range of nets from 192.168.33.50 to 192.168.33.58/32(0) can be
represented by:
192.168.33.50/31(0.0.0.1) ( 2 hosts: 192.168.33.50 - 192.168.33.51 )
192.168.33.52/30(0.0.0.3) ( 4 hosts: 192.168.33.52 - 192.168.33.55 )
192.168.33.56/31(0.0.0.1) ( 2 hosts: 192.168.33.56 - 192.168.33.57 )
192.168.33.58/32(0) ( 1 host: 192.168.33.58 )

If you've got control over the actual range of addresses, it'll make your
future ACL work much easier to put it in a neat bit boundary, eg:

The range of nets from 192.168.33.48 to 192.168.33.55/32(0) can be
represented by:
192.168.33.48/29(0.0.0.7) ( 8 hosts: 192.168.33.48 - 192.168.33.55 )
--==--
Bruce.
[1] I cannot find an official distribution site anymore, so grab it
from http://www.amsterdamned.org/~bc/aggis .
-----
This is the afnog mailing list, managed by Majordomo 1.94.5
To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)
This list is maintained by owner-afnog at afnog.org