Re: ACL question

From: Jay Hennigan (jay@xxxxxxxx)
Date: Wed Feb 13 2002 - 23:59:37 GMT-3


   
On Wed, 13 Feb 2002 Sam.MicroGate@usa.telekom.de wrote:

> Suppose that the backbone is advertising the following routes:
> 192.168.123.0/24
> 192.168.124.0/24
> 192.168.125.0/24
> 192.168.126.0/24
> 192.168.127.0/24
> 192.168.128.0/24
> 192.168.129.0/24
> I need to filter .128 and .129 and pass everything else. Which of the
> following access lists is correct?
> access-list 1 permit 192.168.123.0 0.0.7.255 or
> access-list 2 permit 192.168.124.0 0.0.7.255 or
> access-list 3 permit 192.168.125.0 0.0.7.255 or
> access-list 4 permit 192.168.126.0 0.0.7.255 or
> access-list 5 permit 192.168.127.0 0.0.7.255

All of those access lists are identical, believe it or not.

Pick one and write it. Then show your config and you'll see it as:

access-list 1 permit 192.168.120.0 0.0.7.255

Any of the above will accomplish the filtering of .128 and .129.

They will also filter anything else outside of 192.168.120-127.x.

They will permit 192.168.120.x through 192.168.122.x which was not
called for.

So, it depends on the nature of the question. If indeed you need to
pass *everything else* while denying .128 and .129, then your list
should be:

access-list 1 deny 192.168.128.0 0.0.1.255
access-list 1 permit any

If it is a given that those are the only routes advertised, then your
solution will work. Pick one, they're all the same. Writing it as
192.168.120.0 is more logical. But, this will also allow other routes
with the third octet of 120 - 122.

Careful reading of the exact requirements is one key to success in this
game, or I should say that failure to carefully read the requirements
exactly will almost certainly result in failure. :-)

--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323
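
Added example (not part of the original post): a short Python model of how a standard access list applies a wildcard mask, run over the routes from the question plus three constructed ones (192.168.120.0, 192.168.122.0 and 10.1.1.0). The function names are hypothetical, and the model covers only standard-ACL address matching with the implicit deny at the end of every list.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def normalize(addr, wildcard):
    """Clear the don't-care bits, which is how the entry appears in the stored config."""
    return str(ipaddress.IPv4Address(ip(addr) & ~ip(wildcard) & 0xFFFFFFFF))

def matches(route, addr, wildcard):
    """A route matches when every bit not covered by the wildcard is equal."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(route) & care) == (ip(addr) & care)

def evaluate(acl, route):
    """First matching entry wins; an implicit deny ends every access list."""
    for action, addr, wildcard in acl:
        if matches(route, addr, wildcard):
            return action
    return "deny"

# The five candidate addresses from the question (all use wildcard 0.0.7.255).
CANDIDATES = ["192.168.%d.0" % n for n in range(123, 128)]

# Routes from the question, plus three constructed ones for comparison.
ROUTES = ["192.168.%d.0" % n for n in range(123, 130)]
ROUTES += ["192.168.120.0", "192.168.122.0", "10.1.1.0"]  # constructed

# The list as written in the question (after normalization).
ACL_PERMIT_BLOCK = [("permit", "192.168.120.0", "0.0.7.255")]
# The list from the reply; "permit any" is 0.0.0.0 255.255.255.255.
ACL_DENY_PAIR = [
    ("deny", "192.168.128.0", "0.0.1.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

def table(acl):
    """Map each sample route to the action the list takes on it."""
    return {route: evaluate(acl, route) for route in ROUTES}

if __name__ == "__main__":
    for c in CANDIDATES:
        print("%s 0.0.7.255 is stored as %s 0.0.7.255" % (c, normalize(c, "0.0.7.255")))
    block, pair = table(ACL_PERMIT_BLOCK), table(ACL_DENY_PAIR)
    print("%-16s %-14s %s" % ("route", "permit-block", "deny-pair"))
    for route in ROUTES:
        print("%-16s %-14s %s" % (route, block[route], pair[route]))
```

The two lists agree on every route in the question and differ only on routes outside 192.168.120.0 through 192.168.129.255, such as the constructed 10.1.1.0.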


This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:22 GMT-3