Re: SSH Access-Class

Daniel Mckibbin · ‎04-07-2011

This should be an easy question. For SSH access:

Why does this work?
Standard IP access list 2
    10 permit 172.16.2.0, wildcard bits 0.0.0.3 log
    20 permit 172.16.1.32, wildcard bits 0.0.0.31 (6 matches)
    30 permit 208.x.x.0, wildcard bits 0.0.0.255 log
    40 permit 172.16.1.0, wildcard bits 0.0.0.31
    50 permit 172.16.1.64, wildcard bits 0.0.0.31

And this not?
Standard IP access list 2
    10 permit 172.16.2.0, wildcard bits 0.0.0.3 log
    20 permit 172.16.1.0, wildcard bits 0.0.0.95
    30 permit 208.x.x.0, wildcard bits 0.0.0.255 log

Same goes for NAT. Are summaries not accepted?

Richard Burts · ‎04-07-2011

Daniel

Am I correct in assuming that your second access list is an attempt to summarize these entries from your first access list:

permit 172.16.1.0, wildcard bits 0.0.0.31

permit 172.16.1.32, wildcard bits 0.0.0.31

permit 172.16.1.64, wildcard bits 0.0.0.31

The correct statement for this summary (assuming that you want all 3 subnets summarized in a single statement) would be

permit 172.16.1.0, wildcard bits 0.0.0.127

but you are using this

permit 172.16.1.0, wildcard bits 0.0.0.95

I am not sure where the 0.0.0.95 comes from. I note that 95 is the last address of the last range that you use (172.16.1.64) but am not sure if that is why you used it.

The incorrect mask is why it is not working.

Summaries are certainly accepted - when the mask accurately describes the range to be summarized.

HTH

Rick

HTH

Rick

Daniel Mckibbin · ‎04-08-2011

Got it, I see my mistake. I didn't know it had to be summarized like a summary route. I thought it could be more specific by specifying the beginning and ending IP.

Thanks,

Daniel