From: kris.keen@xxxxxxxxxx
Date: Tue Apr 30 2002 - 00:20:21 GMT-3
Tim,
Just looking at that, here is the binary
0001 = 1
0101 = 5
0111 = 7
1001 = 9
So, you want to match the first 3 bits (don't care about the 4th)
so, 1110 = 14
deny 199.199.1.0 0.0.14.255
Will work...
-----------------------------------------------------------------
Kris Keen - CNE, CCNA, CCNP
Network Support Specialist - Network Systems
Aon Risk Services Australia Limited
(612) 9253 7272
0404862970
E: Kris.Keen@aon.com.au
Ashot Hakobyan <ashot.hakobyan@nettasking.com.au>
Sent by: nobody@groupstudy.com
30/04/2002 12:47 PM
Please respond to Ashot Hakobyan
To: "'Tim Wilhoit'" <tilimil@hotmail.com>
cc: ccielab@groupstudy.com
bcc:
Subject: RE: filtering even subnets
...while
access-list 1 deny 199.199.2.0 0.0.12.255
access-list 1 permit any
will block only /24 subnets .2, .4, .6, .8, and .10.
Regards,
Ashot Hakobyan
Senior Consultant
NetTasking (ANZ) Pty Ltd
Tel: +61 2 9928 5725 Fax: +61 2 9439 1163
***** "Delivering Business Availability" *****
***** http://www.NetTasking.com *****
> -----Original Message-----
> From: Tim Wilhoit [mailto:tilimil@hotmail.com]
> Sent: Monday, April 29, 2002 3:33 PM
> To: ccielab@groupstudy.com
> Cc: johnny.peterson@wcg.com
> Subject: filtering even subnets
>
>
> Ok, time for another exercise on filtering subnets. On page
> 1141 of Solie's book in the "Skynet" lab he asks the
> following: "Apply an inbound filter to R5, filtering just the
> even subnets from the loopback range 199.199.1.1 to
> 199.199.10.1 on R4".
>
> For some background, there are 10 subnets from 199.199.1.0/24
> to 199.199.10.0/24 entering this router.
>
> Obviously the easy way to do this is to just use an
> access-list like the
> following:
>
> access-list 1 deny 199.199.0.0 0.0.254.255
> access-list 1 permit any
>
>
> But my thinking is this might be counted wrong because
> 199.199.12.0 could come along and it would get denied. So my
> question is, what is the shortest way to block JUST the
> subnets he asked for? Below is what I came up with but I
> want to see what everyone else comes up with.
>
> access-list 1 deny 199.199.8.0
> access-list 1 deny 199.199.10.0
> access-list 1 deny 199.199.0.0 0.0.6.255
> access-list 1 permit any
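
The wildcard-mask matching discussed in this thread can be checked mechanically. The following is an added example, not part of any of the posts: it evaluates each access list quoted above with first-match semantics and lists which 199.199.n.0 subnets end up denied. The names `ACLS`, `parse_acl`, `evaluate` and `denied_subnets` are hypothetical, the tested range n = 0 to 16 is chosen here, and Kris's entry is given an assumed `access-list 1` prefix and a trailing `permit any` so that it forms a complete list.

```python
from ipaddress import IPv4Address

# ACLs quoted in the thread (Kris's line given an assumed "access-list 1"
# prefix and trailing "permit any" so that it parses as a full list).
ACLS = {
    "tim_broad": """access-list 1 deny 199.199.0.0 0.0.254.255
access-list 1 permit any""",
    "tim_three": """access-list 1 deny 199.199.8.0
access-list 1 deny 199.199.10.0
access-list 1 deny 199.199.0.0 0.0.6.255
access-list 1 permit any""",
    "ashot": """access-list 1 deny 199.199.2.0 0.0.12.255
access-list 1 permit any""",
    "kris": """access-list 1 deny 199.199.1.0 0.0.14.255
access-list 1 permit any""",
}

def parse_acl(text):
    """Return [(action, base, wildcard)] as 32-bit ints, one per ACL line."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()          # access-list <n> <action> <addr> [wildcard]
        action, addr = tok[2], tok[3]
        if addr == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = int(IPv4Address(addr))
            # A standard ACL entry without a wildcard matches that address only.
            wild = int(IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((action, base, wild))
    return entries

def evaluate(entries, addr):
    """First matching entry decides; no match means the implicit deny."""
    a = int(IPv4Address(addr))
    for action, base, wild in entries:
        # Wildcard bit 1 = don't care, bit 0 = must equal the base address.
        if ((base ^ a) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"

def denied_subnets(text, third_octets=range(0, 17)):
    """Third-octet values n for which 199.199.n.0 is denied."""
    acl = parse_acl(text)
    return [n for n in third_octets if evaluate(acl, f"199.199.{n}.0") == "deny"]

if __name__ == "__main__":
    for name, text in ACLS.items():
        print(f"{name:10} denies 199.199.n.0 for n = {denied_subnets(text)}")
```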