From: fwells12 (fwells12@xxxxxxxxxxx)
Date: Fri Nov 30 2001 - 13:06:22 GMT-3
C. Was the correct answer.
----- Original Message -----
From: "Waters, Kivas (UK72)" <Kivas.Waters@Honeywell.com>
To: "Basel Tashkandi" <basel@tashkandi.com>; <ccielab@groupstudy.com>
Sent: Friday, November 30, 2001 2:21 AM
Subject: RE: IP route filtering question
> Uummmm, Yep, appologies for the stupid "permit" etc but I guess you got
the
> gist of what I was asking. Here is the example written with a clear head
at
> 10am.
>
> The problem I have with not specifying the specific mask for the route to
be
> filtered is that if I configured, for example "access-list 117 deny ip
> 192.168.10.0 0.0.0.255" then the filter would deny the specific route and
> all it's subnets from being filtered. 192.168.10.128/28 would also be
> denyed!! The question asks you to deny ONLY 192.168.10.0/24. I know that
> in a lab scenario, configuring the ACL's listed below under b) as you
> suggest will result in the expected outcome but it is not 100% accurate.
> Does anyone have any idea's?
>
> Lets say that I wanted to deny the following specific routes from being
> learned by a routing process : 192.168.10.0/24 and 172.16.0.0/12
>
> I suspect that answer c) is most correct but what do you IP routing guru's
> think?
>
> a)
> access-list 7 deny 192.168.10.0
> access-list 7 deny 172.16.0.0
>
> b)
> access-list 7 deny 192.168.10.0 0.0.0.255
> access-list 7 deny 172.16.0.0 0.15.255.255
>
> c)
> access-list 117 deny ip 192.168.10.0 0.0.0.255 255.255.255.0 0.0.0.0
> access-list 117 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.0.0.0
>
> regards
>
> Ki
>
>
> -----Original Message-----
> From: Basel Tashkandi [mailto:basel@tashkandi.com]
> Sent: 30 November 2001 09:43
> To: Waters, Kivas (UK72)
> Cc: ccielab@groupstudy.com
> Subject: Re: IP route filtering question
>
>
> Hi Ki,
> As you suspected C is the right one but you don't need the mask for the
mask
> it would be enough to only say
> 192.168.10.0 0.0.0.255
> of course with deny not permit :)
> At 23:09 29/11/2001 +0100, Waters, Kivas (UK72) wrote:
> >Configuring very specific route filters for route redistribution, split
> >horizon issues and general route filtering is important and I want to
make
> >sure that I get it right in the lab. There appears to be a number of
ways
> >of implimenting the route filters but what I'm interrested is the ACL's
> >defining the routes to be filtered. The question is, what type of route
> >filters should be used in which circumstances?
> >
> >Here is an example ...
> >
> >Lets say that I wanted to deny the following specific routes from being
> >learned by a routing process : 192.168.10.0/24 and 172.16.0.0/12
> >
> >I suspect that answer c) is most correct but what do you IP routing
guru's
> >think?
> >
> >a)
> >access-list 7 permit 192.168.10.0
> >access-list 7 permit 172.16.0.0
> >
> >b)
> >access-list 7 permit 192.168.10.0 0.0.0.255
> >access-list 7 permit 172.16.0.0 0.15.255.255
> >
> >c)
> >access-list 117 permit 192.168.10.0 0.0.0.255 255.255.255.0 0.0.0.0
> >access-list 117 permit 172.16.0.0 0.15.255.255 255.240.0.0 0.0.0.0
> >
> >best regards
> >
> >Ki
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:27 GMT-3