Re: Access list filter in the shortest lines possible.

From: Cristian Henry H (chenry@reuna.cl)
Date: Tue Sep 30 2003 - 11:58:54 GMT-3

I understood that the question was for filter routes /24 not for
traffic. In the case of filter traffic, I aggree with yuo about .255.
Thanks.

Kenneth Wygand ha escrito:
>
> Cristian is correct. My only "change" is I prefer to use .255 in the
> last octet of my subnet mask for the matching criteria - Cristian's
> answer will only work for the NETWORK addresses, and that is making the
> assumption of a /24 mask.
>
> If the question specifically states to block those "networks" or those
> "addresses" specifically, then Cristian's answer is 100% correct,
> possibly even more correct than my answer. However, if I'm using this
> access list to filter routes, if any of those networks are subnetted
> further at some point, or if the /32 host routes are advertised for
> specific interfaces, using "x.x.x.0" for the subnet mask of the access
> list will not cover those cases, while "x.x.x.255" will.
>
> I guess it's on a case-by-case basis. Once again, ask the proctor!
> (Learn from my mistakes :-P)
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
> CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
> Custom Computer Specialists, Inc.
> "It's not just about ending up where you want to be, it's about making
> the most of the trip there."
> -Anonymous
>
> -----Original Message-----
> From: Cristian Henry H [mailto:chenry@reuna.cl]
> Sent: Tuesday, September 30, 2003 10:03 AM
> To: Casey, Paul (6822)
> Cc: ccielab@groupstudy.com
> Subject: Re: Access list filter in the shortest lines possible.
>
> I got the following one:
>
> access-list 10 permit 100.0.33.0 27.55.94.0
>
> "Casey, Paul (6822)" ha escrito:
> >
> > > Hello,
> > >
> > > For example, say we are asked to filter the following routes using
> the
> > > shortest nuber of lines possible
> > >
> > > 102.17.63.0
> > > 126.22.61.0
> > > 111.22.57.0
> > > 125.33.101.0
> > >
> > > Can someone tell me the best access list to use to filter these
> networks.
> > >
> > > Thanks in advance.
> > > Kind regards.
> > >
> > >
> > >
> > >
> >
> >
> ************************************************************************
> ****************
> >
> > This E-mail is from O2. The E-mail and any files
> > transmitted with it are confidential and may also be privileged and
> intended
> > solely for the use of the individual or entity to whom they are
> addressed.
> > Any unauthorised direct or indirect dissemination, distribution or
> copying
> > of this message and any attachments is strictly prohibited. If you
> have
> > received the E-mail in error please notify postmaster@O2.com or
> > telephone ++ 353 1 6095000.
> >
> >
> ************************************************************************
> *****************
> >
> > ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> >
> _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials
> from:
> > shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Cristian E. Henry
> REUNA
>
> E-mail: chenry@reuna.cl
> Fono: 56-2-3370336
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html 

-- 
Cristian E. Henry
REUNA

E-mail: chenry@reuna.cl
Fono: 56-2-3370336

***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:40 GMT-3