RE: An access-list challenge

From: Simon Baxter (Simon.Baxter@xxxxxxxxxxxxxx)
Date: Mon Aug 28 2000 - 19:01:41 GMT-3


   
I had the masks different:
access 101 deny ip 128.0.0.0 63.254.0.0 0.0.0.0 255.255.0.0
access 101 deny ip 192.0.1.0 31.255.254.0 0.0.0.0 0.0.0.255
access 101 permit any any

I figure if there's a '1' in the last x.x.x.x, marking a 'don't care' then
the 0.0.0.0 it's referring to will be a 0. I think you'll find on the IOS
that it will put a 'zero' where the corresponding mask is 'don't care' (1).

-----Original Message-----
From: Lachlan_Kidd@data3.com.au [mailto:Lachlan_Kidd@data3.com.au]
Sent: Monday, August 28, 2000 7:24 PM
To: Simon Baxter
Cc: ccielab@groupstudy.com
Subject: Re: An access-list challenge

Hi All,
     After a bit of thought.....
access-list 101 deny ip 128.0.0.0 63.254.255.250 255.255.0.0 255.255.0.0
access-list 101 deny ip 192.0.1.0 31.255.254.255 255.255.255.0 0.0.0.255
access-list 101 permit ip any any

A quick question on the masking side. As I understand it, we are looking
for b-class add's with less than 16 bits. If I understand the process,
255.255.0.0 255.255.0.0 (second part of top line) says,
1st octet-don't care
2nd octet-don't care
3rd octet-must match exactly (in this case, zero)
4th octet-must match exactly (in this case, zero)
Therefore, we are allowed at most, 16 bits.
On line 2, 255.255.255.0 0.0.0.255 says,
1st octet- must match exactly (255)
2nd octet- must match exactly (255)
3rd octet- must match exactly (255)
4th octet-don't care.
In this way, we are assured a minimum of 24 bits.

Is this how others look at this or am I barking up the wrong tree ?
Regards,
     Lachlan

From: Simon Baxter <Simon.Baxter@au.logical.com>
Sent by: nobody@groupstudy.com
27/08/00 10:51 AM
Please respond to Simon Baxter
To: "CCIE Group Study (E-mail)" <ccielab@groupstudy.com>
cc:
Subject: An access-list challenge
For anybody up to it..

not too nasty..

RTRA
router bgp 100
distribute-list 101 in

create access-list 101 so that RTRA doesn't accept even numbered class B
routes with a mask <16 bits or odd numbered class C routes with a mask >24
bits.

I hope it didn't take you as long as it did me!!
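
The wildcard matching discussed in this thread, as an added example that is not from any of the posters: it evaluates an extended access list against routes the way a distribute-list does, testing the source pair against the prefix and the destination pair against the netmask, and shows the address normalization mentioned in the top reply. The function names and the sample routes are assumptions made for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def normalize(addr, wildcard):
    """Zero every address bit that the wildcard marks don't-care (1)."""
    return str(ipaddress.IPv4Address(ip(addr) & ~ip(wildcard) & 0xFFFFFFFF))

def pair_matches(value, addr, wildcard):
    """True when value equals addr on every bit where the wildcard is 0."""
    return (ip(value) ^ ip(addr)) & ~ip(wildcard) & 0xFFFFFFFF == 0

def parse(line):
    # "access-list N <action> ip SRC SRC_WC DST DST_WC" or "... ip any any"
    tok = line.split()
    action, rest = tok[2], tok[4:]
    if rest == ["any", "any"]:
        rest = ["0.0.0.0", "255.255.255.255"] * 2
    return action, rest

def evaluate(acl, prefix, netmask):
    """First matching entry wins: source pair vs prefix, destination pair vs mask."""
    for line in acl:
        action, (src, swc, dst, dwc) = parse(line)
        if pair_matches(prefix, src, swc) and pair_matches(netmask, dst, dwc):
            return action
    return "deny"  # implicit deny at the end of every access list

# The list as posted in the 7:24 PM reply quoted above.
ACL = [
    "access-list 101 deny ip 128.0.0.0 63.254.255.250 255.255.0.0 255.255.0.0",
    "access-list 101 deny ip 192.0.1.0 31.255.254.255 255.255.255.0 0.0.0.255",
    "access-list 101 permit ip any any",
]

# Constructed sample routes (prefix, netmask); not taken from the thread.
ROUTES = [
    ("130.0.0.0", "255.252.0.0"),        # even class B, /14
    ("130.2.0.0", "255.255.0.0"),        # even class B, /16: mask octets 3-4 are zero
    ("130.1.0.0", "255.255.0.0"),        # odd class B, /16
    ("192.0.1.128", "255.255.255.128"),  # odd class C, /25
    ("192.0.2.128", "255.255.255.128"),  # even class C, /25
]

if __name__ == "__main__":
    print("255.255.0.0 255.255.0.0 ->", normalize("255.255.0.0", "255.255.0.0"), "255.255.0.0")
    for prefix, mask in ROUTES:
        print(f"{prefix:<12} {mask:<16} {evaluate(ACL, prefix, mask)}")
```
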



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:31 GMT-3