RE: filtering even subnets

From: Ashot Hakobyan (ashot.hakobyan@xxxxxxxxxxxxxxxxx)
Date: Tue Apr 30 2002 - 00:08:51 GMT-3

• Next message: kris.keen@xxxxxxxxxx: "RE: filtering even subnets"
• Previous message: Chuck Church: "RE: Dot1Q trunk vs ISL trunk"
• Maybe in reply to: Tim Wilhoit: "filtering even subnets"
• Next in thread: kris.keen@xxxxxxxxxx: "RE: filtering even subnets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
DOH!

access-list 1 deny 199.199.9.0 0.0.0.255
access-list 1 deny 199.199.1.0 0.0.6.255
access-list 1 permit any

for odd nets up to .9, and

access-list 1 permit 199.199.12.0 0.0.2.255
access-list 1 deny 199.199.0.0 0.0.14.255
Access-list 1 permit any

for the even nets up to .10.

Ashot

> -----Original Message-----
> From: Ashot Hakobyan
> Sent: Tuesday, April 30, 2002 12:44 PM
> To: 'Tim Wilhoit'
> Cc: ccielab@groupstudy.com
> Subject: RE: filtering even subnets
>
>
> Tim,
>
> access-list 1 deny 199.199.1.0 0.0.14.255
> access-list 1 permit any
>
> will block /24 subnets .1, .3, .5, .7, .9 and only.
>
> Ashot Hakobyan
> Senior Consultant
> NetTasking (ANZ) Pty Ltd
> Tel: +61 2 9928 5725 Fax: +61 2 9439 1163
> ***** "Delivering Business Availability" *****
> ***** http://www.NetTasking.com *****
>
>
> > -----Original Message-----
> > From: Tim Wilhoit [mailto:tilimil@hotmail.com]
> > Sent: Monday, April 29, 2002 3:33 PM
> > To: ccielab@groupstudy.com
> > Cc: johnny.peterson@wcg.com
> > Subject: filtering even subnets
> >
> >
> > Ok, time for another exercise on filtering subnets. On page
> > 1141 of Solie's book in the "Skynet" lab he asks the
> > following: "Apply an inbound filter to R5, filtering just the
> > even subnets from the loopback range 199.199.1.1 to
> > 199.199.10.1 on R4".
> >
> > For some background, there are 10 subnets from 199.199.1.0/24
> > to 199.199.10.0/24 entering this router.
> >
> > Obviously the easy way to do this is to just use an
> > access-list like the
> > following:
> >
> > access-list 1 deny 199.199.0.0 0.0.254.255
> > access-list permit any
> >
> >
> > But my thinking is this might be counted wrong because
> > 199.199.12.0 could come along and it would get denied. So my
> > question is, what is the shortest way to block JUST the
> > subnets he asked for? Below is what I came up with but I
> > want to see what everyone else comes up with.
> >
> > access-list 1 deny 199.199.8.0
> > access-list 1 deny 199.199.10.0
> > access-list 1 deny 199.199.0.0 0.0.6.255
> > access-list 1 permit any

• Next message: kris.keen@xxxxxxxxxx: "RE: filtering even subnets"
• Previous message: Chuck Church: "RE: Dot1Q trunk vs ISL trunk"
• Maybe in reply to: Tim Wilhoit: "filtering even subnets"
• Next in thread: kris.keen@xxxxxxxxxx: "RE: filtering even subnets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:22 GMT-3