By narrowing an ACL I mean delimiting traffic in the minimal number of ACL lines.
As an example, consider the following addresses and express them as a one-line ACL:
200.0.1.2
200.0.3.2
200.0.3.10
200.0.1.18
200.0.3.26
200.0.1.10
200.0.3.18
200.0.1.26
To break this down, consider the variable portions of the ACL addresses in bit notation.
Then decide which bits can be either a zero or a one without allowing any further address combinations through the filter.
Address       3rd octet    4th octet
200.0.1.2     0000 0001    0000 0010
200.0.3.2     0000 0011    0000 0010
200.0.3.10    0000 0011    0000 1010
200.0.1.18    0000 0001    0001 0010
200.0.3.26    0000 0011    0001 1010
200.0.1.10    0000 0001    0000 1010
200.0.3.18    0000 0011    0001 0010
200.0.1.26    0000 0001    0001 1010
Pattern       0000 00*1    000* *010
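Each * becomes a 1 in the wildcard mask (0000 0010 = 2 in the third octet, 0001 1000 = 24 in the fourth), so the one-line ACL can be represented as follows: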
permit 200.0.1.2 0.0.2.24
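The same derivation as an added example (not code from the original post): it computes the base address and wildcard mask from a list of hosts and checks whether the single line permits exactly those hosts and nothing more. The function names summarize and matches are assumptions made for this illustration, and the address list is the one from the post.

```python
import ipaddress

# Addresses from the post.
PAGE_HOSTS = [
    "200.0.1.2", "200.0.3.2", "200.0.3.10", "200.0.1.18",
    "200.0.3.26", "200.0.1.10", "200.0.3.18", "200.0.1.26",
]

def summarize(addresses):
    """Return (base, wildcard, exact) for a list of dotted-quad IPv4 hosts.

    exact is True only when the one-line entry matches the listed hosts
    and no others.
    """
    values = {int(ipaddress.IPv4Address(a)) for a in addresses}
    if not values:
        raise ValueError("need at least one address")
    and_all, or_all = 0xFFFFFFFF, 0
    for v in values:
        and_all &= v   # bits set in every address
        or_all |= v    # bits set in at least one address
    wildcard = and_all ^ or_all  # bits that differ somewhere: "don't care"
    base = and_all               # fixed bits, don't-care bits zeroed
    # A wildcard with n one-bits matches 2**n addresses; the entry is only
    # exact if every one of those combinations was in the input list.
    exact = (1 << bin(wildcard).count("1")) == len(values)
    return (str(ipaddress.IPv4Address(base)),
            str(ipaddress.IPv4Address(wildcard)),
            exact)

def matches(address, base, wildcard):
    """Wildcard comparison: ignore bits set in the mask, compare the rest."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

if __name__ == "__main__":
    base, wildcard, exact = summarize(PAGE_HOSTS)
    print(f"permit {base} {wildcard}  exact={exact}")
    # Constructed counter-case: drop one host from the list. The mask is
    # unchanged, so a single line would still permit the dropped host.
    base7, wc7, exact7 = summarize(PAGE_HOSTS[:-1])
    print(f"7 hosts -> {base7} {wc7}  exact={exact7}, "
          f"200.0.1.26 permitted={matches('200.0.1.26', base7, wc7)}")
```

When exact comes back False, the single line is broader than the host list and the entry has to be split into more lines to avoid permitting unlisted addresses.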