Re: Advanced Access-List

From: Stephen C. Feldberg (scfeldberg@xxxxxxxxxxx)
Date: Fri Jan 11 2002 - 17:44:51 GMT-3


   
Peter,

I have come up with a different answer:

deny 144.160.32.0 15.13.94.255
deny 192.6.5.129 255.255.1.129
permit any

I agree with most of your first statement, with the exception of the third octet:

deny 144.160.42.0 15.13.80.255

Here is how I broke it down into 4 octets and their values:

144 10010000
151 10010111
154 10011010
157 10011101
---------------
       00001111 = 15 ("don't care" about last four bits) becomes wildcard value
       10010000 = 144 (value of first four bits that "must match") becomes network value

160 10100000
164 10100100
168 10101100
173 10101101
---------------
       00001101 = 13
       1010 0 = 160

Here is where we disagree:

52 00110100
58 00111010
106 01101010
122 01111010
---------------
       01011110 = 94
       0 1 0 = 32

0 00000000
0 00000000
-------------
  11111111 = 255
  00000000 = 0

My answer would be:

deny 144.160.32.0 15.13.94.255

I also disagree with the last two octets of your second statement:

deny 192.6.4.128 0.0.1.126

192 11000000
192 11000000
---------------
       11111111 = 255
       11000000 = 192

6 00000110
6 00000110
-------------
  11111111 = 255
  00000110 = 6

Here's where we disagree:

4 00000100
5 00000101
------------
  00000001 = 1
  00000101 = 5

129 10000001
131 10000011
133 10000101
135 10000111
137 10001001
139 10001011
141 10001101
...
253 11111101
255 11111111
---------------
       10000001 = 129
       1 1 = 129

My answer would be:

deny 192.6.5.129 255.255.1.129

AFAIK, this is the binary logic that applies to these scenarios.

Steve
----- Original Message -----
From: "Frei Peter" <Peter.Frei@delec.ch>
To: <ccielab@groupstudy.com>
Sent: Thursday, January 10, 2002 6:46 PM
Subject: Advanced Access-List

> Hello group
> from a PROin course
> Filter the following networks with a minimum of config statements:
> 157.173.52.0;144.160.58.0;151.168.122.0;154.164.106.0
>
> and filter all odd hosts from the networks 192.6.4.0/24,192.6.5.0/24
> beginning with host 192.6.4.128 and 192.6.5.128
>
>
> my solution
> ip access-list standard FILTERTask4
> deny 144.160.42.0 15.13.80.255
> deny 192.6.4.128 0.0.1.126
> permit any
>
> Any comments?
>
>
> Thanks
>
> Peter
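
The per-bit method worked through in this thread, as an added Python example that is not part of either post: a wildcard bit is set wherever the inputs differ, and the base keeps the bits they share. The function names (`summarize`, `matches`, `matched_count`) are hypothetical; the addresses are the ones from the exercise. It also counts how many addresses each summarised entry matches compared with how many were intended.

```python
from ipaddress import IPv4Address

def summarize(addresses):
    """Return (base, wildcard) for one ACL entry covering all addresses.

    Wildcard bits are every bit position where any two inputs differ
    ("don't care"); the base keeps the bits all inputs share.
    """
    values = [int(IPv4Address(a)) for a in addresses]
    wildcard = 0
    for v in values[1:]:
        wildcard |= values[0] ^ v
    base = values[0] & ~wildcard & 0xFFFFFFFF
    return str(IPv4Address(base)), str(IPv4Address(wildcard))

def matches(base, wildcard, address):
    """True if every non-wildcard bit of the address equals the base."""
    b, w, a = (int(IPv4Address(x)) for x in (base, wildcard, address))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def matched_count(wildcard):
    """Number of addresses an entry matches: 2 ** (wildcard bits set)."""
    return 2 ** bin(int(IPv4Address(wildcard))).count("1")

# The four networks from the exercise; giving .0 and .255 of each network
# as inputs makes the host octet fully "don't care".
NETWORKS = ["157.173.52", "144.160.58", "151.168.122", "154.164.106"]
net_addrs = [f"{n}.{h}" for n in NETWORKS for h in (0, 255)]

# Odd hosts 129..255 in 192.6.4.0/24 and 192.6.5.0/24.
odd_hosts = [f"192.6.{n}.{h}" for n in (4, 5) for h in range(129, 256, 2)]

if __name__ == "__main__":
    for label, addrs, intended in (("networks", net_addrs, 4 * 256),
                                   ("odd hosts", odd_hosts, len(odd_hosts))):
        base, wc = summarize(addrs)
        print(f"{label}: deny {base} {wc}  "
              f"(matches {matched_count(wc)}, intended {intended})")
```

A single entry for the four networks matches far more address space than the four /24s, so the fewest-statements form trades precision for brevity; the odd-host entry matches exactly the intended hosts.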


