From: Voss, David (dvoss@heidrick.com)
Date: Tue Mar 18 2003 - 17:33:00 GMT-3
Too many bits are different to do it in one or two statements unless he is
allowing for you to deny other sources. Also, Solie's solution does not
look correct based upon what is in your e-mail.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
CCIE FUN
Sent: Tuesday, March 18, 2003 12:48 PM
To: ccielab@groupstudy.com
Subject: Creating access-lists with minimum lines
Hello all
I came across this lab question from the Karl solie
Darth reid lab (section VII, question # 1)
On the ethernet segment of R1, write a traffic filter
blocking data from the following sources:(use as few
lines as possible)
deny ftp, http from 131.24.194.x
deny ftp, http from 131.25.194.x
deny ftp, http from 135.152.1.1
deny ftp, http from 131.24.195.x
deny ftp, http from 131.24.193.x
when i did the calculation my solution was as follow:
ip access-list extended Myfilter
deny tcp 131.0.0.0 8.159.195.1 eq ftp any
deny tcp 131.0.0.0 8.159.195.1 eq www any
permit ip any any
however the karl solie's solution for that question is
access-list 102 deny tcp 129.24.192.0 102.129.7.1 eq
ftp any
deny tcp 129.24.192.0 102.129.7.1 eq www any
permit tcp any any
I am little bit confused with the solution from
solie's book.
i am trying to figure out how that calculation was
done.
can anybody help
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:41 GMT-3