From: Kotte, Christopher (Christopher.Kotte@xxxxxxxxxx)
Date: Sun Dec 17 2000 - 23:22:00 GMT-3
Chuck,
You are certainly right about the law of unintended circumstances...
I do however prefer using the 0.0.0.0 masks for entering nets into OSPF.
The bad part is when you getting into redistribution this can come back to
haunt you if you are not careful (classfull vs classless). Say for instance
you need to use a default network command on r1 that points back to r2. But
on r2 you entered:
r2 (running ospf and igrp)
router ospf 100
net 137.20.20.1 0.0.0.0 area 0
and on r1 you enter (igrp only)
ip default-network 137.20.0.0
you wont get back since igrp doesn't understand the classless boundary!
Just food for thought!!
Chris
-----Original Message-----
From: Chuck Larrieu [mailto:chuck@cl.cncdsl.com]
Sent: Sunday, December 17, 2000 8:08 PM
To: ccielab@groupstudy.com
Subject: RE: Access-list
All right...... I was hoping that this one would go away BEFORE I succumbed
to the temptation to show off. Alas, failure.
Write an access list that does the following:
Permits traffic only from hosts whose addresses are multiples of 12
Permits only hosts whose address are in the range of 72 through 79 to access
servers on the server farm whose addresses are in the range of 16 through 23
Permits only hosts from networks 172.4.0.0, 192.10.0.0 and 23.0.0.0 whose
classful network numbers are multiples of 136 to access even numbered
servers in the above mentioned server farm
Naw... I'm kidding. Or if you want to try, have fun, but let's not clutter
the list.
My point is that once someone understands binary and how subnet masking
works, there are many things that are possible.
On a slightly related topic, any preferences on masks used when placing
networks into the OSPF process? My own is to use the 0.0.0.0 mask. In cases
where all configured interfaces are to go into the OSPF process my
preference is 0.0.0.0 255.255.255.255
There are merits to both extremes. In the latter case, the law of unintended
consequences always applies.
Chuck
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Greg
Ferro
Sent: Sunday, December 17, 2000 5:25 PM
To: ccielab@groupstudy.com
Subject: RE: Access-list
Here is an exercise, how do you filter for even networks only ?
At 01:03 AM 18/12/2000 +0000, you wrote:
>This ought to do the trick :
>
>access-list 101 deny icmp 0.0.0.1 255.255.255.254 any
>
>Regards
>Atif Awan
>
>
>
>
> >From: "Foster, Kristopher" <KFoster@C1Communications.com>
> >Reply-To: "Foster, Kristopher" <KFoster@C1Communications.com>
> >To: "'Ronnie Royston'" <RonnieR@globaldatasys.com>,
ccielab@groupstudy.com
> >Subject: RE: Access-list
> >Date: Sun, 17 Dec 2000 18:57:17 -0500
> >
> >Always think in binary :)
> >
> >your wildcard mask would require that the last bit is always set:
> >
> >0.0.0.1
> >
> >Why? Just to see if you know what you're doing.
> >
> >Kris,
> >
> >-----Original Message-----
> >From: Ronnie Royston [mailto:RonnieR@globaldatasys.com]
> >Sent: Sunday, December 17, 2000 6:51 PM
> >To: ccielab@groupstudy.com
> >Subject: Access-list
> >
> >
> >I am asked to deny ping from all addresses whose last octet is an odd
> >number.
> >
> >....(why?)
> >
> >Can anyone think of a clever way to do this?
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:26:04 GMT-3