RE: Access list filter in the shortest lines possible.

From: Kenneth Wygand (KWygand@customonline.com)
Date: Tue Sep 30 2003 - 11:18:30 GMT-3

• Next message: Scott Morris: "RE: Access list filter in the shortest lines possible."
• Previous message: Charles Church: "RE: 12.2 on 2500's"
• Maybe in reply to: Casey, Paul (6822): "RE: Access list filter in the shortest lines possible."
• Next in thread: Scott Morris: "RE: Access list filter in the shortest lines possible."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Cristian is correct. My only "change" is I prefer to use .255 in the
last octet of my subnet mask for the matching criteria - Cristian's
answer will only work for the NETWORK addresses, and that is making the
assumption of a /24 mask.

If the question specifically states to block those "networks" or those
"addresses" specifically, then Cristian's answer is 100% correct,
possibly even more correct than my answer. However, if I'm using this
access list to filter routes, if any of those networks are subnetted
further at some point, or if the /32 host routes are advertised for
specific interfaces, using "x.x.x.0" for the subnet mask of the access
list will not cover those cases, while "x.x.x.255" will.

I guess it's on a case-by-case basis. Once again, ask the proctor!
(Learn from my mistakes :-P)

Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"It's not just about ending up where you want to be, it's about making
the most of the trip there."
-Anonymous

-----Original Message-----
From: Cristian Henry H [mailto:chenry@reuna.cl]
Sent: Tuesday, September 30, 2003 10:03 AM
To: Casey, Paul (6822)
Cc: ccielab@groupstudy.com
Subject: Re: Access list filter in the shortest lines possible.

I got the following one:

access-list 10 permit 100.0.33.0 27.55.94.0

"Casey, Paul (6822)" ha escrito:
>
> > Hello,
> >
> > For example, say we are asked to filter the following routes using
the
> > shortest nuber of lines possible
> >
> > 102.17.63.0
> > 126.22.61.0
> > 111.22.57.0
> > 125.33.101.0
> >
> > Can someone tell me the best access list to use to filter these
networks.
> >
> > Thanks in advance.
> > Kind regards.
> >
> >
> >
> >
>
>
************************************************************************
****************
>
> This E-mail is from O2. The E-mail and any files
> transmitted with it are confidential and may also be privileged and
intended
> solely for the use of the individual or entity to whom they are
addressed.
> Any unauthorised direct or indirect dissemination, distribution or
copying
> of this message and any attachments is strictly prohibited. If you
have
> received the E-mail in error please notify postmaster@O2.com or
> telephone ++ 353 1 6095000.
>
>
************************************************************************
*****************
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>

• Next message: Scott Morris: "RE: Access list filter in the shortest lines possible."
• Previous message: Charles Church: "RE: 12.2 on 2500's"
• Maybe in reply to: Casey, Paul (6822): "RE: Access list filter in the shortest lines possible."
• Next in thread: Scott Morris: "RE: Access list filter in the shortest lines possible."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:40 GMT-3