RE: ACL's: Even/Odd -- QUIZ 2

From: Scott Morris (swm@emanon.com)
Date: Sun Feb 09 2003 - 02:02:15 GMT-3


An interesting point, and in some instances you likely wouldn't care
whether the last octet was .255 or .0 (particularly classful routing
protocols). But you are correct. If you don't want subnets to come in
then absolutely!

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
kym blair
Sent: Saturday, February 08, 2003 9:19 PM
To: ohiohondo@columbus.rr.com; ccielab@groupstudy.com;
sagevadi@yahoo.co.uk
Subject: RE: ACL's: Even/Odd -- QUIZ 2

The specific match would be: 198.5.52.0 0.0.2.0

X.X.52.X = X.X.00110100.X
X.X.54.X = X.X.00110110.X
52/54 mask = 00000010

Mask uses "0" to indicate exact match. Therefore:

198.5.52.0 0.0.2.0
-or-
198.5.54.0 0.0.2.0

QUIZ 2:

How would you match:

198.5.35.0
198.5.43.0
198.5.51.0
198.5.59.0

I believe the one-line solution would be:

35 = 00100011
43 = 00101011
51 = 00110011
59 = 00111011
mask 00011000 = 24

===> 198.5.35.0 0.0.24.0

NOTE: If you're talking about a route, then you want to match the 4th octet
too, so end the mask with "0"; if you're talking about filtering packets,
then don't match the last octet, and end mask with "255".

HTH, Kym

>From: "OhioHondo" <ohiohondo@columbus.rr.com>
>Reply-To: "OhioHondo" <ohiohondo@columbus.rr.com>
>To: "Scott Morris" <swm@emanon.com>, "'Jung, Jin'" <jin.jung@lmco.com>,
> "'Cezar Fistik'" <cfistik@moldovacc.md>, <ccielab@groupstudy.com>
>Subject: RE: ACL's: Even/Odd permit/deny
>Date: Sat, 8 Feb 2003 19:49:29 -0500
>
>A specific match would be
>
>198.5.52.0 0.0.2.255
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Scott Morris
>Sent: Saturday, February 08, 2003 7:17 PM
>To: 'Jung, Jin'; 'Cezar Fistik'; ccielab@groupstudy.com
>Subject: RE: ACL's: Even/Odd permit/deny
>
>
>0.0.254.255 would work fine, but the problem is that you permit a WHOLE
>lot more than JUST those two subnets. That is sloppy math, and (in my
>mind) would therefore be wrong.
>
>When I tell you to permit SMTP to your mail server, do you permit your
>entire IP range to port 25? Nope. Do you permit any port to that
>host? Nope.
>
>Specific matches with no overflow.
>
>Scott
>
>-----Original Message-----
>From: Jung, Jin [mailto:jin.jung@lmco.com]
>Sent: Saturday, February 08, 2003 7:05 PM
>To: 'Scott Morris'; 'Cezar Fistik'; ccielab@groupstudy.com
>Subject: RE: ACL's: Even/Odd permit/deny
>
>
>Looks like
>
>Access-list 5 permit 198.5.52.0 0.0.254.255 works fine..
>
> 10.0.0.0/24 is subnetted, 4 subnets
>O E2 10.6.6.0 [130/20] via 172.31.100.6, 00:00:04, Serial0.1
>O E2 10.5.5.0 [130/20] via 172.31.100.5, 00:00:04, Serial0.1
>C 10.12.12.0 is directly connected, Serial0.2
>C 10.2.2.0 is directly connected, Loopback0
>R 198.5.52.0/24 [120/1] via 172.31.101.2, 00:00:05, Serial0.2
>R 198.5.54.0/24 [120/1] via 172.31.101.2, 00:00:05, Serial0.2
>
>-----Original Message-----
>From: Scott Morris [mailto:swm@emanon.com]
>Sent: Saturday, February 08, 2003 3:57 PM
>To: 'Cezar Fistik'; ccielab@groupstudy.com
>Subject: RE: ACL's: Even/Odd permit/deny
>
>
>Because that would take all the fun out of it! And we all know that
>the CCIE test is all about fun. ;)
>
>Binary manipulation is good to know, and also used in lots of the
>practice labs too...
>
>Scott
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Cezar Fistik
>Sent: Saturday, February 08, 2003 11:51 AM
>To: ccielab@groupstudy.com
>Subject: Re: ACL's: Even/Odd permit/deny
>
>
>Why not to consider a simpler solution, like
>
>permit 198.5.52.0 0.0.0.255
>permit 198.5.54.0 0.0.0.255
>
>Or the scenario conditions say that only one ACL line should be used?
>
>Regards,
>
>Cezar Fistik
>
>
>----- Original Message -----
>From: "Sage Vadi" <sagevadi@yahoo.co.uk>
>To: <ccielab@groupstudy.com>
>Sent: Saturday, February 08, 2003 3:41 AM
>Subject: ACL's: Even/Odd permit/deny
>
>
> > All,
> >
> > Trying to permit these* even networks:
> >
> > 198.5.51.0
> > 198.5.52.0*
> > 198.5.53.0
> > 198.5.54.0*
> >
> > ACL I use:
> >
> > permit 198.5.0.0 0.0.254.255
> >
> > Q) I'm redistributing these RIP learnt networks into
> > OSPF, since I can't use a distribute-list (lab req)
> > I'm using ACL and route-map. Basically the route-map
> > says match the above ACL.
> >
> > Problem is - when I do so ALL of the networks are sent
> > into OSPF. Q) Any ideas, is my ACL right?
> >
> > Cheers,
> > Sage
>.
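
The wildcard arithmetic worked through in this thread, as an added example that is not part of any poster's message: it derives the tightest single base/wildcard pair for a set of route addresses and lists any extra addresses that pair would also permit. The function names are hypothetical, and the addresses are the ones quoted in the thread plus constructed test values.

```python
from ipaddress import IPv4Address
from itertools import product

MASK32 = 0xFFFFFFFF

def matches(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & MASK32) == 0

def tightest_wildcard(addrs):
    """Smallest single base/wildcard pair that covers every address given."""
    nums = [int(IPv4Address(a)) for a in addrs]
    wild = 0
    for n in nums[1:]:
        wild |= n ^ nums[0]  # any bit that differs becomes "don't care"
    base = nums[0] & ~wild & MASK32
    return str(IPv4Address(base)), str(IPv4Address(wild))

def expand(base, wildcard):
    """Every address the pair matches: 2**n for n don't-care bits."""
    b, w = int(IPv4Address(base)), int(IPv4Address(wildcard))
    bits = [1 << i for i in range(32) if (w >> i) & 1]
    out = []
    for combo in product((0, 1), repeat=len(bits)):
        extra = sum(bit for bit, on in zip(bits, combo) if on)
        out.append((b & ~w & MASK32) | extra)
    return [str(IPv4Address(n)) for n in sorted(out)]

def overflow(addrs):
    """Addresses the tightest pair permits that were not asked for."""
    wanted = set(addrs)
    return [a for a in expand(*tightest_wildcard(addrs)) if a not in wanted]

if __name__ == "__main__":
    quiz1 = ["198.5.52.0", "198.5.54.0"]
    quiz2 = ["198.5.35.0", "198.5.43.0", "198.5.51.0", "198.5.59.0"]
    for nets in (quiz1, quiz2):
        print(nets, "->", tightest_wildcard(nets), "overflow:", overflow(nets))
    # The broad mask from the thread also admits an unrelated even network
    # (198.5.100.0 is a constructed test value).
    print(matches("198.5.100.0", "198.5.52.0", "0.0.254.255"))
    # A set that cannot be covered by one line without extras (constructed).
    print(overflow(["198.5.51.0", "198.5.52.0"]))
```
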



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:17 GMT-3