RE: filtering even subnets

From: Ashot Hakobyan (ashot.hakobyan@xxxxxxxxxxxxxxxxx)
Date: Mon Apr 29 2002 - 23:47:41 GMT-3


   
...while

access-list 1 deny 199.199.2.0 0.0.12.255
access-list 1 permit any

will block only /24 subnets .2, .4, .6, .8, and .10.

Regards,

Ashot Hakobyan
Senior Consultant
NetTasking (ANZ) Pty Ltd
Tel: +61 2 9928 5725 Fax: +61 2 9439 1163
***** "Delivering Business Availability" *****
***** http://www.NetTasking.com *****

> -----Original Message-----
> From: Tim Wilhoit [mailto:tilimil@hotmail.com]
> Sent: Monday, April 29, 2002 3:33 PM
> To: ccielab@groupstudy.com
> Cc: johnny.peterson@wcg.com
> Subject: filtering even subnets
>
>
> Ok, time for another exercise on filtering subnets. On page
> 1141 of Solie's book in the "Skynet" lab he asks the
> following: "Apply an inbound filter to R5, filtering just the
> even subnets from the loopback range 199.199.1.1 to
> 199.199.10.1 on R4".
>
> For some background, there are 10 subnets from 199.199.1.0/24
> to 199.199.10.0/24 entering this router.
>
> Obviously the easy way to do this is to just use an
> access-list like the following:
>
> access-list 1 deny 199.199.0.0 0.0.254.255
> access-list 1 permit any
>
>
> But my thinking is this might be counted wrong because
> 199.199.12.0 could come along and it would get denied. So my
> question is, what is the shortest way to block JUST the
> subnets he asked for? Below is what I came up with but I
> want to see what everyone else comes up with.
>
> access-list 1 deny 199.199.8.0
> access-list 1 deny 199.199.10.0
> access-list 1 deny 199.199.0.0 0.0.6.255
> access-list 1 permit any
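
An added example, not part of the original thread: it applies the standard-ACL wildcard comparison (wildcard bits set to 1 are ignored, first match wins) to the three access lists posted above and lists the third-octet values N for which 199.199.N.0 is denied. The function and variable names are made up for this example, and it assumes the ACL is compared against each subnet's network address 199.199.N.0.

```python
import ipaddress

def entry_matches(addr, base, wildcard="0.0.0.0"):
    """Standard-ACL comparison: wildcard bits set to 1 are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_action(acl, addr):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if entry_matches(addr, base, wildcard):
            return action
    return "deny"

def denied_third_octets(acl):
    """Third-octet values N for which network 199.199.N.0 is denied."""
    return [n for n in range(256)
            if acl_action(acl, f"199.199.{n}.0") == "deny"]

PERMIT_ANY = ("permit", "0.0.0.0", "255.255.255.255")

# The three access lists posted in the thread, transcribed as tuples.
REPLY_ACL = [("deny", "199.199.2.0", "0.0.12.255"), PERMIT_ANY]
EASY_ACL = [("deny", "199.199.0.0", "0.0.254.255"), PERMIT_ANY]
THREE_LINE_ACL = [
    ("deny", "199.199.8.0", "0.0.0.0"),   # no wildcard given = exact match
    ("deny", "199.199.10.0", "0.0.0.0"),
    ("deny", "199.199.0.0", "0.0.6.255"),
    PERMIT_ANY,
]

if __name__ == "__main__":
    for name, acl in [("reply", REPLY_ACL),
                      ("easy", EASY_ACL),
                      ("three-line", THREE_LINE_ACL)]:
        print(f"{name:11s} denies 199.199.N.0 for N = "
              f"{denied_third_octets(acl)}")
```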


