Re: filtering even subnets

From: David Luu (wicked01@xxxxxxxxxxxxx)
Date: Mon Apr 29 2002 - 04:27:59 GMT-3


   
wait, sorry, i should have looked at your post more carefully...just
realized what you were trying to explain...you are saying that if there
were other subnets not within that range but were still even subnets to not
get filtered, am i correct?

At 12:01 AM 4/29/2002 -0700, David Luu wrote:
>199.199.12.0 will not get denied with the access list you are
>using...break the 12 subnet into bit count and you will get 1100 and since
>you are matching the last bit and with an address of 0 to match, it will
>be valid
>
>At 12:32 AM 4/29/2002 -0500, Tim Wilhoit wrote:
>>Ok, time for another exercise on filtering subnets. On page 1141 of Solie's
>>book in the "Skynet" lab he asks the following:
>>"Apply an inbound filter to R5, filtering just the even subnets from the
>>loopback range 199.199.1.1 to 199.199.10.1 on R4".
>>
>>For some background, there are 10 subnets from 199.199.1.0/24 to
>>199.199.10.0/24 entering this router.
>>
>>Obviously the easy way to do this is to just use an access-list like the
>>following:
>>
>>access-list 1 deny 199.199.0.0 0.0.254.255
>>access-list 1 permit any
>>
>>
>>But my thinking is this might be counted wrong because 199.199.12.0 could
>>come along and it would get denied. So my question is, what is the shortest
>>way to block JUST the subnets he asked for? Below is what I came up with but
>>I want to see what everyone else comes up with.
>>
>>access-list 1 deny 199.199.8.0
>>access-list 1 deny 199.199.10.0
>>access-list 1 deny 199.199.0.0 0.0.6.255
>>access-list 1 permit any



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:21 GMT-3