RE: filtering even subnets

From: Chua, Parry (Parry.Chua@xxxxxxxxxx)
Date: Tue Apr 30 2002 - 00:28:19 GMT-3

• Next message: Michael Snyder: "RE: DHCP redundancy"
• Previous message: kris.keen@xxxxxxxxxx: "RE: filtering even subnets"
• Maybe in reply to: Tim Wilhoit: "filtering even subnets"
• Next in thread: Mingzhou Nie: "RE: filtering even subnets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
x = don't care mean either 0 or 1 9 this apply to your mask field)

addre 2 = 00000010
mask 12 = 00001100
result = 0000xx10 = 2,6,10,12

The above does not meet the requirement

addre 0 = 00000000
mask 14 = 00001110
result = 0000xxx0 = 2,4,6,8,10,12,14

The above also has problem, you need to allow 12 and 14

addre 12 = 00001100
mask 2 = 00000010
result = 000011x0 = 12(x=0), 14(x=1)

> Parry Chua
>
>

-----Original Message-----
From: Ashot Hakobyan [mailto:ashot.hakobyan@nettasking.com.au]
Sent: Tuesday, April 30, 2002 10:48 AM
To: 'Tim Wilhoit'
Cc: ccielab@groupstudy.com
Subject: RE: filtering even subnets

...while

access-list 1 deny 199.199.2.0 0.0.12.255
access-list 1 permit any

will block only /24 subnets .2, .4, .6, .8, and .10.

Regards,

Ashot Hakobyan
Senior Consultant
NetTasking (ANZ) Pty Ltd
Tel: +61 2 9928 5725 Fax: +61 2 9439 1163
***** "Delivering Business Availability" *****
***** http://www.NetTasking.com *****

> -----Original Message-----
> From: Tim Wilhoit [mailto:tilimil@hotmail.com]
> Sent: Monday, April 29, 2002 3:33 PM
> To: ccielab@groupstudy.com
> Cc: johnny.peterson@wcg.com
> Subject: filtering even subnets
>
>
> Ok, time for another exercise on filtering subnets. On page
> 1141 of Solie's book in the "Skynet" lab he asks the
> following: "Apply an inbound filter to R5, filtering just the
> even subnets from the loopback range 199.199.1.1 to
> 199.199.10.1 on R4".
>
> For some background, there are 10 subnets from 199.199.1.0/24
> to 199.199.10.0/24 entering this router.
>
> Obviously the easy way to do this is to just use an
> access-list like the
> following:
>
> access-list 1 deny 199.199.0.0 0.0.254.255
> access-list permit any
>
>
> But my thinking is this might be counted wrong because
> 199.199.12.0 could come along and it would get denied. So my
> question is, what is the shortest way to block JUST the
> subnets he asked for? Below is what I came up with but I
> want to see what everyone else comes up with.
>
> access-list 1 deny 199.199.8.0
> access-list 1 deny 199.199.10.0
> access-list 1 deny 199.199.0.0 0.0.6.255
> access-list 1 permit any

• Next message: Michael Snyder: "RE: DHCP redundancy"
• Previous message: kris.keen@xxxxxxxxxx: "RE: filtering even subnets"
• Maybe in reply to: Tim Wilhoit: "filtering even subnets"
• Next in thread: Mingzhou Nie: "RE: filtering even subnets"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:22 GMT-3