From: EbonyGuru@xxxxxxx
Date: Thu Aug 15 2002 - 20:35:49 GMT-3
Thanks Emonk,
What happens if your customer is a bad guy from the "axis of evil" and then
says to you, do not use any form of access-lists to meet this requirement?
What do you do?
TIA,
E'Guru
In a message dated 15/08/2002 17:21:02 GMT Daylight Time, emonk@att.net
writes:
> Subj: RE: IP PREFIX-LIST HELP!
> Date: 15/08/2002 17:21:02 GMT Daylight Time
> From: emonk@att.net
> To: EbonyGuru@aol.com
> Sent from the Internet
>
>
>
> EG,
>
> Good question to post. You probably have come to these conclusions by
> now. But if not hopefully the following helps you.
>
> I have a couple of thoughts on how to approach these types of questions.
>
>
> 1) If the question asked about denying/permitting class B networks I
> would think that they meant the following classic B network range.
> 128-191.255.255.255/8-32 and I would use an extended access-list. (I
> would also have doubts and clarify with the proctor)
>
> 2) If they said something along the lines of allowing/denying network
> mask ge le 16 etc... then I would use the prefix-list approach.
>
> 3) You could use a combination ACL and prefix list but I think you
> probably have that all figured out by now.
>
>
> If the question said only allow class B networks. I would assume that
> the question meant allow the classful B range below. If it was in the
> lab I would clarify immediately to make sure they didn't mean include
> all /16 networks just in case or some other variation on it.
>
> Here are some examples below using access-lists. Easier than prefix
> lists when trying to do a specific range.
>
> 128-191.255.255.255/8-32
>
> access-list 1 permit 128.0.0.0 63.255.255.255
>
> But it could mean this.
>
> 128-191.255.255.255/16-32
>
> access-list 100 permit ip 128.0.0.0 63.255.255.255 255.255.0.0 0.0.255.255
>
> Or this one.
>
> 128-191.255.0.0/16
>
> access-list 100 permit ip 128.0.0.0 63.255.0.0 255.255.0.0 0.0.0.0
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> CiscoJunkie
> Sent: Thursday, August 15, 2002 8:53 AM
> To: Chaim Gev; EbonyGuru@aol.com; ccielab@groupstudy.com
> Subject: Re: IP PREFIX-LIST HELP!
>
> It doesn't mention those. Maybe I am just reading too much into the
> requirement, but if I am allowing class B networks in (i.e.
> 172.16.0.0/24; 172.16.1.0/24, etc.), that doesn't mean I need to allow
> 172.16.0.0/16, or for that matter ANY /16 network.
>
> Just trying not to miss the obvious...
>
> ----- Original Message -----
> From: "Chaim Gev" <chaimgev@hotmail.com>
> To: <ciscojunkie@teamhealth.com>; <EbonyGuru@aol.com>;
> <ccielab@groupstudy.com>
> Sent: Thursday, August 15, 2002 8:50 AM
> Subject: Re: IP PREFIX-LIST HELP!
>
>
> > and what about subnets of the class B networks?
> >
> >
> > >From: "CiscoJunkie" <ciscojunkie@teamhealth.com>
> > >Reply-To: "CiscoJunkie" <ciscojunkie@teamhealth.com>
> > >To: <EbonyGuru@aol.com>, <ccielab@groupstudy.com>
> > >Subject: Re: IP PREFIX-LIST HELP!
> > >Date: Thu, 15 Aug 2002 07:59:47 -0400
> > >
> > >I hate to sound TOO logical, but if you are asked to "filter all class B
> > >nets" (allow in or deny them in??), would it not simply just be:
> > >
> > >"ip prefix-list zib seq 10 (permit or deny) 0.0.0.0/16"
> > >
> > >----- Original Message -----
> > >From: <EbonyGuru@aol.com>
> > >To: <ccielab@groupstudy.com>
> > >Sent: Thursday, August 15, 2002 4:57 AM
> > >Subject: IP PREFIX-LIST HELP!
> > >
> > >
> > > > Hey Guys,
> > > >
> > > > Can someone please help me check if this is correct:
> > > >
> > > >
> > > > To filter all class B nets:
> > > >
> > > > ip prefix-list zib seq 10 permit 0.0.0.0/0 ge 16 le 24
> > > >
> > > > Please also tell me where to find a reference with configuration
> > > > examples.
> > > >
> > > > TIA.
> > > >
> > > > E'Guru
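
The entries posted in this thread can be compared by running them against sample routes. The following is an added example, not code from any poster: it models IOS prefix-list matching and the extended-ACL route-filter form emonk uses (source pair tests the network, destination pair tests the mask). The sample routes are constructed, and the `128.0.0.0/2 ge 16` entry is an assumption that nobody in the thread posted; it is included as a prefix-list counterpart to emonk's second ACL.

```python
import ipaddress

def prefix_list_match(entry, route, ge=None, le=None):
    """One IOS prefix-list entry: leading bits equal, mask length inside the window."""
    e, r = ipaddress.ip_network(entry), ipaddress.ip_network(route)
    if ge is None and le is None:
        lo = hi = e.prefixlen                      # no ge/le: exact length only
    else:
        lo = ge if ge is not None else e.prefixlen
        hi = le if le is not None else 32
    return lo <= r.prefixlen <= hi and r.network_address in e

def ext_acl_match(net, net_wild, mask, mask_wild, route):
    """Extended ACL as a route filter: source pair tests the network,
    destination pair tests the mask; wildcard bits set to 1 are ignored."""
    r = ipaddress.ip_network(route)
    def same(value, want, wild):
        care = ~int(ipaddress.ip_address(wild)) & 0xFFFFFFFF
        return (int(value) & care) == (int(ipaddress.ip_address(want)) & care)
    return same(r.network_address, net, net_wild) and same(r.netmask, mask, mask_wild)

# Constructed sample routes, not taken from the thread.
ROUTES = ["10.1.0.0/16", "128.0.0.0/8", "172.16.0.0/16", "172.16.1.0/24",
          "172.16.1.128/25", "192.168.1.0/24", "0.0.0.0/16"]

FILTERS = {
    "original post":      # ip prefix-list zib seq 10 permit 0.0.0.0/0 ge 16 le 24
        lambda r: prefix_list_match("0.0.0.0/0", r, ge=16, le=24),
    "first reply":        # ip prefix-list zib seq 10 permit 0.0.0.0/16
        lambda r: prefix_list_match("0.0.0.0/16", r),
    "assumed prefix form":  # 128.0.0.0/2 ge 16 (assumption, not from the thread)
        lambda r: prefix_list_match("128.0.0.0/2", r, ge=16),
    "emonk ACL 100":      # 128.0.0.0 63.255.255.255 255.255.0.0 0.0.255.255
        lambda r: ext_acl_match("128.0.0.0", "63.255.255.255",
                                "255.255.0.0", "0.0.255.255", r),
}

def permitted(name):
    """Routes from ROUTES that the named filter permits."""
    return [r for r in ROUTES if FILTERS[name](r)]

if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:20} -> {permitted(name)}")
```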