From: Jim Brown (Jim.Brown@caselogic.com)
Date: Wed Mar 12 2003 - 17:17:49 GMT-3

The point of the question is to prove your ability to mask at the bit
level. The 196 with a mask of 11 is the BEST one line answer.

-----Original Message-----
From: swm@emanon.com [mailto:swm@emanon.com]
Sent: Wednesday, March 12, 2003 6:04 AM
To: ccieexam2002@yahoo.com; Jim Brown; dvoss@heidrick.com;
ccielab@groupstudy.com
Subject: RE: ACL Tips and Tricks

That's very true, it's what you guys all calculated. And that part is
correct. HOWEVER, you are missing the point!

With three bits in the ACL, there are EIGHT possible values to match the
mask. You only have two routes you are supposed to allow or deny. So
you'd spend more time building the exception list to summarize it than
you would listing the two separately.

Think about this like security. When you let certain things through
your firewall, do you want to summarize in such a way that lets four
times as much come in as you really need to let in? I would think not.
ACLs should be done the same way on routing updates. The minimum number
of lines to match ONLY these two nets is to list them separately.

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
CCIE FUN
Sent: Wednesday, March 12, 2003 12:12 AM
To: Jim Brown; Scott Morris; Voss, David; ccielab@groupstudy.com
Subject: RE: ACL Tips and Tricks

yep
that's what I calculated
196.95.160.0 11.0.0.255

--- Jim Brown <Jim.Brown@caselogic.com> wrote:
> access-list 1 permit 196.95.160.0 11.0.0.255
>
> 199 = 11000111
> 204 = 11001100
> --------------
> 196 = 11000100 exact match bits
> 11 = 00001011 wildcard bits
>
> This solution will include the 205 and 207 networks in addition to the
> 199 and 204 networks.
>
> This is the BEST answer IMHO.
>
> -----Original Message-----
> From: Scott Morris [mailto:swm@emanon.com]
> Sent: Tuesday, March 11, 2003 12:34 PM
> To: 'Voss, David'; ccielab@groupstudy.com
> Subject: RE: ACL Tips and Tricks
>
>
> 199 = 11000111
> 204 = 11001100
>
> There are 3 bits of difference between the two, so it is impossible to
> summarize them in one statement without including extraneous routes.
>
> Enjoy!
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> Voss, David
> Sent: Tuesday, March 11, 2003 12:49 PM
> To: ccielab@groupstudy.com
> Subject: ACL Tips and Tricks
>
>
> Permit the following subnets in an ACL with only 1 command... and deny
> all other subnets.... I don't believe this can be done with 1 command.
> Maybe someone can give it a shot?
>
> 204.95.160.0/24
> 199.95.160.0/24
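
Added example, not part of the original thread: a Python check of the wildcard arithmetic discussed above. It derives the tightest single base/wildcard pair for the two requested /24s and enumerates every network that one line admits, for comparison against listing the two networks separately. The function names and the sample addresses used in the checks are constructed for illustration.

```python
from ipaddress import IPv4Address
from itertools import product

ALL = 0xFFFFFFFF


def ip(a):
    return int(IPv4Address(a))


def summarize(nets, host_wildcard="0.0.0.255"):
    """Tightest single base/wildcard pair covering every network in nets.
    Every bit on which the networks disagree has to become a wildcard bit."""
    vals = [ip(n) for n in nets]
    wildcard = ip(host_wildcard)
    for v in vals[1:]:
        wildcard |= vals[0] ^ v
    base = vals[0] & ~wildcard & ALL
    return str(IPv4Address(base)), str(IPv4Address(wildcard))


def matches(addr, base, wildcard):
    """IOS rule: wildcard bits set to 1 are ignored, all other bits must equal base."""
    care = ~ip(wildcard) & ALL
    return (ip(addr) & care) == (ip(base) & care)


def matched_networks(base, wildcard, host_wildcard="0.0.0.255"):
    """List each distinct network the entry admits (host bits excluded)."""
    net_wild = ip(wildcard) & ~ip(host_wildcard) & ALL
    fixed = ip(base) & ~ip(wildcard) & ALL
    bits = [1 << i for i in range(32) if net_wild >> i & 1]
    nets = {fixed | sum(b for b, on in zip(bits, combo) if on)
            for combo in product((0, 1), repeat=len(bits))}
    return [str(IPv4Address(n)) for n in sorted(nets)]


def extras(wanted, host_wildcard="0.0.0.255"):
    """Networks admitted by the one-line summary that were never requested."""
    base, wildcard = summarize(wanted, host_wildcard)
    return [n for n in matched_networks(base, wildcard, host_wildcard)
            if n not in wanted]


if __name__ == "__main__":
    wanted = ["204.95.160.0", "199.95.160.0"]  # the two /24s from the question
    base, wildcard = summarize(wanted)
    print("access-list 1 permit", base, wildcard)
    print("admits:", matched_networks(base, wildcard))
    print("not requested:", extras(wanted))
```
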
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:38 GMT-3