ACL question

samsam_wang · ‎01-02-2004

there are two routers, diagram like

R1------R2

R1 has 10 loopback interfaces, the IPs are

100.0.0.1/32

100.0.0.2/32

100.0.0.3/32

............

100.0.0.10/32

R2 has 1 loopback interface, ip is 200.0.0.1

now, may I build an ACL to controll only even or odd HOST can ping 200.0.0.1 from R1?

for example, only 100.0.0.1/32 100.0.0.3/32 100.0.0.5 and 7, 9 can ping 200.0.0.1

please mention, not even or odd NETWORK, but HOST

thanks

Georg Pauwen · ‎01-02-2004

Hello,

try this on R2:

interface loopback 1

ip address 200.0.0.1 255.255.255.255

ip access-group 101 in

!

access-list 101 permit ip 100.0.0.1 0.0.0.254 host 200.0.0.1

This allows host from 100.0.0.1 thru 100.0.0.255 to ping the loopback interface with IP address 200.0.0.1, with the exception of even hosts (100.0.0.2, 100.0.0.4, etc).

Regards,

Georg

samsam_wang · ‎01-02-2004

it seems fine, but doesn't work

thanks

i am still working on that

Georg Pauwen · ‎01-02-2004

Hello,

what exactly is not working ? Are you using an extended ping from R1 ?

Regards,

Georg

samsam_wang · ‎01-02-2004

hi, it works now, but it doesn't work if you apply the ACL to loopback of R2, i apply it to serial interface, it works.

meanwhile, i think the 0.0.0.254 is not exactly. I am trying 0.0.0.240, the wildcard is a little bid closer, but still not exactly for 1,3,5,7,9

thanks

ashok_boin · ‎01-04-2004

Hi,

The wild card mask "0.0.0.254" given by Georg is absolutely correct for the stated requirement by you. The "0.0.0.240" is wrong.

Regards...

Ashok.

With best regards...
Ashok

samsam_wang · ‎01-05-2004

the mask 0.0.0.254 will permit or deny from 1,3,5,7,9,11,13,15...................253

so i think it is not exact.

but for the 0.0.0.240, will be closer, but still not exact.

thanks