From: John Neiberger (neiby@xxxxxxxxxx)
Date: Fri Mar 29 2002 - 02:39:29 GMT-3
A lab that I'm working on asks me to create the following
access list:
"Allow IP traffic from odd-numbered hosts on the
172.16.80.128/25 network."
My reasoning is this: since we want to match odd-numbered
hosts the access-list should contain the first odd-numbered
host and then the proper inverse mask:
access-list 100 permit ip 172.16.80.129 0.0.0.126 any
I use .126 because we want to match on 129, which in binary is
10000001. Invert this and it becomes 01111110, meaning we want
exact matches of 1 on the first and last bits and we don't care
about what's in the middle.
Now, the solution for the scenario has the following:
access-list 100 permit ip 172.16.80.129 0.0.0.129 any
I think they're accidentally using a non-inverted mask, but I
wanted to run this past you guys just as a sanity check. I'm
getting punch-drunk from studying so much lately.
I *hate* this type of access list question. Who in their right
mind would ever do something this stupid?? :-) "If you're an
even-numbered host, we don't trust you, but if you're an
odd-numbered host we'll let you go anywhere!"
Thanks,
John
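
The two access-list entries quoted in the message above, evaluated bit by bit, as an added example that is not part of the original post. It assumes the standard Cisco wildcard semantics (a 1 bit in the wildcard means "don't care"); the function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a wildcard mask (1 bit = don't care)."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must equal the base address
    return (a ^ b) & care == 0

def matched_last_octets(network, base, wildcard):
    """Last octets of every address in `network` that the entry matches."""
    net = ipaddress.ip_network(network)
    return [int(ip) & 0xFF for ip in net if wildcard_match(ip, base, wildcard)]

def audit(network, base, wildcard):
    """Compare the entry with the intent 'odd-numbered addresses in network'.

    The subnet broadcast (.255 here) is odd, so it counts as wanted.
    """
    net = ipaddress.ip_network(network)
    wanted = {int(ip) & 0xFF for ip in net if int(ip) & 1}
    got = set(matched_last_octets(network, base, wildcard))
    return {"missed": sorted(wanted - got), "extra": sorted(got - wanted)}

if __name__ == "__main__":
    subnet, base = "172.16.80.128/25", "172.16.80.129"
    for wc in ("0.0.0.126", "0.0.0.129"):
        hits = matched_last_octets(subnet, base, wc)
        print(f"wildcard {wc}: {len(hits)} matches in {subnet}, first few: {hits[:4]}")
        print("  audit:", audit(subnet, base, wc))
    # The wildcard is applied to the whole 32-bit address, so an entry can
    # also match addresses outside the intended subnet.
    print("0.0.0.129 across 172.16.80.0/24:",
          matched_last_octets("172.16.80.0/24", base, "0.0.0.129"))
```
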