RE: cisco config help

["Behm, Jeffrey L." <BehmJL () bvsg com>]

My understanding of this issue is that the mask in the access list is not
really a subnet mask, as most people think of them. It is more just a mask
that tells how many addresses to include in the range

for example, the next three statements refer to the private IP ranges
10.0.0.0->10.255.255.255, 172.16.0.0->172.31.255.255, and
192.168.0.0->192.168.255.255:

access-list 104 deny   ip any 10.0.0.0 0.255.255.255
access-list 104 deny   ip any 172.16.0.0 0.15.255.255
access-list 104 deny   ip any 192.168.0.0 0.0.255.255

Looks like you should use

access-list 101 deny ip 63.101.102.0 0.0.0.128 any

to get the 63.101.102.0->62.101.102.127 range (is this the range of IP's you
are wanting?)

Maybe this is what you are looking for...

Jeff
> -----Original Message-----
> From: Stuart Clark [mailto:sclark () spacelink com au]
> Sent: Friday, May 25, 01 9:47 AM
> To: firewall-wizards () nfr com
> Subject: [fw-wiz] cisco config help
>
>
> Hi,
> I am trying to make an access-list on my Cisco 3620.
>
> I type 'access-list 101 deny ip 63.101.102.0 255.255.255.128 any'
>
> The only problem is that the cisco converts 63.101.102.0 to 0.0.0.0
>
> So the access list when i do a 'show running-config' looks like this
> access-list number deny ip host 0.0.0.0 255.255.255.128 any
> Why does it change ?
>
> -------------------------------------
> Stuart G. Clark
> Manager,
> Spacelink Communications Pty. Ltd.
> http://www.spacelink.com.au
> +61 03 9 888 9874
>
> -------------------------------------
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards