From: Stephen C. Feldberg (scfeldberg@xxxxxxxxxxx)
Date: Fri Jan 11 2002 - 18:06:23 GMT-3
The second octet of your second statement is correct, I said
4 00000100
5 00000101
------------
00000001 = 1
00000101 = 5
when it should be
4 00000100
5 00000101
------------
00000001 = 1
00000100 = 4
so
deny 144.160.32.0 15.13.94.255
deny 192.6.4.129 255.255.1.129
permit any
Yes Regis, that is my final answer :)
Steve
----- Original Message -----
From: "Stephen C. Feldberg" <scfeldberg@hotmail.com>
To: <ccielab@groupstudy.com>; "Frei Peter" <Peter.Frei@delec.ch>
Cc: "Paul Borghese" <pborghese@bigfoot.com>
Sent: Friday, January 11, 2002 3:44 PM
Subject: Re: Advanced Access-List
> Peter,
>
> I have come up with a different answer:
>
> deny 144.160.32.0 15.13.94.255
> deny 192.6.5.129 255.255.1.129
> permit any
>
> I agree with most of your first statement, with the exception of the third
> octet
>
> deny 144.160.42.0 15.13.80.255
>
> Here is how I broke it down into 4 octets and their values:
>
> 144 10010000
> 151 10010111
> 154 10011010
> 157 10011101
> ---------------
> 00001111 = 15 ("don't care" about last four bits) becomes wildcard
> value
> 10010000 = 144 (value of first four bits that "must match") becomes
> network value
>
> 160 10100000
> 164 10100100
> 168 10101100
> 173 10101101
> ---------------
> 00001101 = 13
> 1010 0 = 160
>
> Here is where we disagree:
>
> 52 00110100
> 58 00111010
> 106 01101010
> 122 01111010
> ---------------
> 01011110 = 94
> 0 1 0 = 32
>
> 0 00000000
> 0 00000000
> -------------
> 11111111 = 255
> 00000000 = 0
>
> My answer would be:
>
> deny 144.160.32.0 15.13.94.255
>
> I also disagree with the last two octets of your second statement:
>
> deny 192.6.4.128 0.0.1.126
>
> 192 11000000
> 192 11000000
> ---------------
> 11111111 = 255
> 11000000 = 192
>
> 6 00000110
> 6 00000110
> -------------
> 11111111 = 255
> 00000110 = 6
>
> Here's where we disagree:
>
> 4 00000100
> 5 00000101
> ------------
> 00000001 = 1
> 00000101 = 5
>
> 129 10000001
> 131 10000011
> 133 10000101
> 135 10000111
> 137 10001001
> 139 10001011
> 141 10001101
> ...
> 253 11111101
> 255 11111111
> ---------------
> 10000001 = 129
> 1 1 = 129
>
> My answer would be:
>
> deny 192.6.5.129 255.255.1.129
>
> AFAIK, this is the binary logic that applies to these scenarios.
>
> Steve
> ----- Original Message -----
> From: "Frei Peter" <Peter.Frei@delec.ch>
> To: <ccielab@groupstudy.com>
> Sent: Thursday, January 10, 2002 6:46 PM
> Subject: Advanced Access-List
>
>
> > Hello group
> > from a PROin course
> > Filter the following networks with a minimum of config statements:
> > 157.173.52.0;144.160.58.0;151.168.122.0;154.164.106.0
> >
> > and filter all odd hosts from the networks 192.6.4.0/24,192.6.5.0/24
> > beginning with host 192.6.4.128 and 192.6.5.128
> >
> >
> > my solution
> > ip access-list standard FILTERTask4
> > deny 144.160.42.0 15.13.80.255
> > deny 192.6.4.128 0.0.1.126
> > permit any
> >
> > Any comments?
> >
> >
> > Thanks
> >
> > Peter
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:25 GMT-3