RE: filtering even subnets

From: Chua, Parry (Parry.Chua@xxxxxxxxxx)
Date: Mon Apr 29 2002 - 06:04:37 GMT-3


   
You can improve a little by combining the first two access-lists into one:

access-list 1 deny 199.199.8.0 0.0.2.0

> Parry Chua
>
>

-----Original Message-----
From: David Luu [mailto:wicked01@ix.netcom.com]
Sent: Monday, April 29, 2002 4:26 PM
To: Tim Wilhoit; ccielab@groupstudy.com
Cc: johnny.peterson@wcg.com
Subject: Re: filtering even subnets

if that's the case then, the access list you had below with

> >>access-list 1 deny 199.199.8.0
> >>access-list 1 deny 199.199.10.0
> >>access-list 1 deny 199.199.0.0 0.0.6.255
> >>access-list 1 permit any

would work just fine and also have the minimum amount of statements needed

At 02:49 AM 4/29/2002 -0500, Tim Wilhoit wrote:
>Yes, that is what I was getting at.
>----- Original Message -----
>From: "David Luu" <wicked01@ix.netcom.com>
>To: "Tim Wilhoit" <tilimil@hotmail.com>; <ccielab@groupstudy.com>
>Cc: <johnny.peterson@wcg.com>
>Sent: Monday, April 29, 2002 2:27 AM
>Subject: Re: filtering even subnets
>
>
> > wait, sorry, i should have looked at your post more carefully...just
> > realized what you were trying to explain...you are saying that if there
> > were other subnets not within that range but were still even subnets to
> > not get filtered, am i correct?
> >
> >
> > At 12:01 AM 4/29/2002 -0700, David Luu wrote:
> > >199.199.12.0 will not get denied with the access list you are
> > >using...break the 12 subnet into bit count and you will get 1100 and
> > >since you are matching the last bit and with an address of 0 to match,
> > >it will be valid
> > >
> > >At 12:32 AM 4/29/2002 -0500, Tim Wilhoit wrote:
> > >>Ok, time for another exercise on filtering subnets. On page 1141 of
> > >>Solie's book in the "Skynet" lab he asks the following:
> > >>"Apply an inbound filter to R5, filtering just the even subnets from the
> > >>loopback range 199.199.1.1 to 199.199.10.1 on R4".
> > >>
> > >>For some background, there are 10 subnets from 199.199.1.0/24 to
> > >>199.199.10.0/24 entering this router.
> > >>
> > >>Obviously the easy way to do this is to just use an access-list like the
> > >>following:
> > >>
> > >>access-list 1 deny 199.199.0.0 0.0.254.255
> > >>access-list 1 permit any
> > >>
> > >>
> > >>But my thinking is this might be counted wrong because 199.199.12.0
> > >>could come along and it would get denied. So my question is, what is the
> > >>shortest way to block JUST the subnets he asked for? Below is what I came
> > >>up with but I want to see what everyone else comes up with.
> > >>
> > >>access-list 1 deny 199.199.8.0
> > >>access-list 1 deny 199.199.10.0
> > >>access-list 1 deny 199.199.0.0 0.0.6.255
> > >>access-list 1 permit any
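
The three access lists discussed in this thread can be checked by evaluating them against 199.199.0.0 through 199.199.15.0. This is an added example, not code from any of the posters; the function names and the 0-15 test range are assumptions chosen for illustration, and it models standard-ACL matching as first match wins with an implicit deny at the end.

```python
import ipaddress

def parse_acl(text):
    """Parse 'access-list N {permit|deny} {any | addr [wildcard]}' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, src = tok[2], tok[3]
        if src == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(src))
            # No wildcard given means an exact match (wildcard 0.0.0.0).
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        rules.append((action, base, wild))
    return rules

def evaluate(rules, addr):
    """Return the action of the first matching entry (implicit deny at end)."""
    a = int(ipaddress.IPv4Address(addr))
    for action, base, wild in rules:
        # Bits set in the wildcard are "don't care"; all other bits must match.
        if ((a ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"

def denied_third_octets(acl_text, octets=range(0, 16)):
    """List the third octets n for which 199.199.n.0 is denied."""
    rules = parse_acl(acl_text)
    return [n for n in octets if evaluate(rules, f"199.199.{n}.0") == "deny"]

# ACLs as posted in the thread (list number 1 assumed on every line).
EASY = """
access-list 1 deny 199.199.0.0 0.0.254.255
access-list 1 permit any
"""
THREE_LINE = """
access-list 1 deny 199.199.8.0
access-list 1 deny 199.199.10.0
access-list 1 deny 199.199.0.0 0.0.6.255
access-list 1 permit any
"""
TWO_LINE = """
access-list 1 deny 199.199.8.0 0.0.2.0
access-list 1 deny 199.199.0.0 0.0.6.255
access-list 1 permit any
"""

if __name__ == "__main__":
    for name, acl in [("easy", EASY), ("three-line", THREE_LINE), ("two-line", TWO_LINE)]:
        print(name, denied_third_octets(acl))
```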



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:21 GMT-3