Re: Advanced Access-List

From: Stephen C. Feldberg (scfeldberg@xxxxxxxxxxx)
Date: Fri Jan 11 2002 - 20:56:30 GMT-3


   
I lied about the last post being my final answer. Found another mistake in
the last octet of the mask of the second statement.

129 10000001
131 10000011
133 10000101
135 10000111
137 10001001
139 10001011
141 10001101
...
253 11111101
255 11111111
------------
       01111110 = 126
       1      1 = 129

Should be deny 192.6.4.129 0.0.1.126

Steve
----- Original Message -----
From: "Stephen C. Feldberg" <scfeldberg@hotmail.com>
To: "Stephen C. Feldberg" <scfeldberg@hotmail.com>;
<ccielab@groupstudy.com>; "Frei Peter" <Peter.Frei@delec.ch>
Cc: "Paul Borghese" <pborghese@bigfoot.com>
Sent: Friday, January 11, 2002 4:06 PM
Subject: Re: Advanced Access-List

> The second octet of your second statement is correct, I said
>
> 4 00000100
> 5 00000101
> ------------
> 00000001 = 1
> 00000101 = 5
>
> when it should be
>
> 4 00000100
> 5 00000101
> ------------
> 00000001 = 1
> 00000100 = 4
>
> so
>
> deny 144.160.32.0 15.13.94.255
> deny 192.6.4.129 255.255.1.129
> permit any
>
> Yes Regis, that is my final answer :)
>
> Steve
> ----- Original Message -----
> From: "Stephen C. Feldberg" <scfeldberg@hotmail.com>
> To: <ccielab@groupstudy.com>; "Frei Peter" <Peter.Frei@delec.ch>
> Cc: "Paul Borghese" <pborghese@bigfoot.com>
> Sent: Friday, January 11, 2002 3:44 PM
> Subject: Re: Advanced Access-List
>
>
> > Peter,
> >
> > I have come up with a different answer:
> >
> > deny 144.160.32.0 15.13.94.255
> > deny 192.6.5.129 255.255.1.129
> > permit any
> >
> > I agree with most of your first statement, with the exception of the third
> > octet
> >
> > deny 144.160.42.0 15.13.80.255
> >
> > Here is how I broke it down into 4 octets and their values:
> >
> > 144 10010000
> > 151 10010111
> > 154 10011010
> > 157 10011101
> > ---------------
> > 00001111 = 15 ("don't care" about last four bits) becomes wildcard value
> > 10010000 = 144 (value of first four bits that "must match") becomes network value
> >
> > 160 10100000
> > 164 10100100
> > 168 10101100
> > 173 10101101
> > ---------------
> > 00001101 = 13
> > 1010  0  = 160
> >
> > Here is where we disagree:
> >
> > 52 00110100
> > 58 00111010
> > 106 01101010
> > 122 01111010
> > ---------------
> > 01011110 = 94
> > 0 1    0 = 32
> >
> > 0 00000000
> > 0 00000000
> > -------------
> > 11111111 = 255
> > 00000000 = 0
> >
> > My answer would be:
> >
> > deny 144.160.32.0 15.13.94.255
> >
> > I also disagree with the last two octets of your second statement:
> >
> > deny 192.6.4.128 0.0.1.126
> >
> > 192 11000000
> > 192 11000000
> > ---------------
> > 11111111 = 255
> > 11000000 = 192
> >
> > 6 00000110
> > 6 00000110
> > -------------
> > 11111111 = 255
> > 00000110 = 6
> >
> > Here's where we disagree:
> >
> > 4 00000100
> > 5 00000101
> > ------------
> > 00000001 = 1
> > 00000101 = 5
> >
> > 129 10000001
> > 131 10000011
> > 133 10000101
> > 135 10000111
> > 137 10001001
> > 139 10001011
> > 141 10001101
> > ...
> > 253 11111101
> > 255 11111111
> > ---------------
> > 10000001 = 129
> > 1      1 = 129
> >
> > My answer would be:
> >
> > deny 192.6.5.129 255.255.1.129
> >
> > AFAIK, this is the binary logic that applies to these scenarios.
> >
> > Steve
> > ----- Original Message -----
> > From: "Frei Peter" <Peter.Frei@delec.ch>
> > To: <ccielab@groupstudy.com>
> > Sent: Thursday, January 10, 2002 6:46 PM
> > Subject: Advanced Access-List
> >
> >
> > > Hello group
> > > from a PROin course
> > > Filter the following networks with a minimum of config statements:
> > > 157.173.52.0;144.160.58.0;151.168.122.0;154.164.106.0
> > >
> > > and filter all odd hosts from the networks 192.6.4.0/24,192.6.5.0/24
> > > beginning with host 192.6.4.128 and 192.6.5.128
> > >
> > >
> > > my solution
> > > ip access-list standard FILTERTask4
> > > deny 144.160.42.0 15.13.80.255
> > > deny 192.6.4.128 0.0.1.126
> > > permit any
> > >
> > > Any comments?
> > >
> > >
> > > Thanks
> > >
> > > Peter
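
Added example, not part of the original thread: a Python check of the per-bit method worked through above (bits that differ across the wanted addresses become "don't care", the rest become the base address), applied to the addresses from the task. The function names are made up for this example, and the match test assumes standard IOS wildcard semantics.

```python
import ipaddress
from functools import reduce

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def to_str(num):
    return str(ipaddress.IPv4Address(num))

def summarize(addrs, extra_wildcard="0.0.0.0"):
    """One (base, wildcard) pair covering every address in addrs.
    Bits that differ between any two addresses become "don't care"."""
    nums = [to_int(a) for a in addrs]
    all_and = reduce(lambda x, y: x & y, nums)
    all_or = reduce(lambda x, y: x | y, nums)
    wildcard = (all_and ^ all_or) | to_int(extra_wildcard)
    return to_str(all_and & ~wildcard & 0xFFFFFFFF), to_str(wildcard)

def matches(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard does not mask."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def match_count(wildcard):
    """Addresses matched by an entry: 2 ** (number of wildcard 1-bits)."""
    return 1 << bin(to_int(wildcard)).count("1")

def uncovered(addrs, base, wildcard):
    """Wanted addresses that the entry fails to match."""
    return [a for a in addrs if not matches(a, base, wildcard)]

# Inputs taken from the task quoted in the thread.
NETWORKS = ["157.173.52.0", "144.160.58.0", "151.168.122.0", "154.164.106.0"]
ODD_HOSTS = [f"192.6.{net}.{host}" for net in (4, 5)
             for host in range(129, 256, 2)]

if __name__ == "__main__":
    cases = (
        ("networks", NETWORKS, summarize(NETWORKS, "0.0.0.255")),  # mask host octet
        ("odd hosts", ODD_HOSTS, summarize(ODD_HOSTS)),
    )
    for label, wanted, (base, wildcard) in cases:
        print(f"{label}: deny {base} {wildcard}")
        print(f"  missed: {uncovered(wanted, base, wildcard)}")
        print(f"  wanted: {len(wanted)}  matched: {match_count(wildcard)}")
```

A matched count larger than the wanted set means the single statement also denies addresses outside it: the odd-host entry matches exactly the 128 wanted hosts, while the network entry matches 2^20 addresses (4096 /24 networks) for the four networks listed.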


