RE: Quiz Question of the Day 20040502

From: Kenneth Wygand (KWygand@customonline.com)
Date: Sun May 02 2004 - 23:41:17 GMT-3

Alsontra,
 
Let's take your first line for example:
 
Network (NET) = 10.0.0.0
Don't Care Bits (DCB) = 0.129.129.0
 
NET = 00001010.00000000.00000000.00000000
DCB = 00000000.10000001.10000001.00000000
 
Matching networks are:
 
00001010.00000000.00000000.00000000 = 10.0.0.0
00001010.00000000.00000001.00000000 = 10.0.1.0
00001010.00000000.10000000.00000000 = 10.0.128.0
00001010.00000000.10000001.00000000 = 10.0.129.0
00001010.00000001.00000000.00000000 = 10.1.0.0
00001010.00000001.00000001.00000000 = 10.1.1.0
00001010.00000001.10000000.00000000 = 10.1.128.0
00001010.00000001.10000001.00000000 = 10.1.129.0
00001010.10000000.00000000.00000000 = 10.128.0.0
00001010.10000000.00000001.00000000 = 10.128.1.0
00001010.10000000.10000000.00000000 = 10.128.128.0
00001010.10000000.10000001.00000000 = 10.128.129.0
00001010.10000001.00000000.00000000 = 10.129.0.0
00001010.10000001.00000001.00000000 = 10.129.1.0
00001010.10000001.10000000.00000000 = 10.129.128.0
00001010.10000001.10000001.00000000 = 10.129.129.0
 
Obviously, this is oversummarized since it includes a lot of networks that we don't want to match.
 
An easy way to see this is to look at the _number_ of don't care bits in the binary form of each of your ACL lines. Since your mask was "0000000.10000001.10000001.0000000", you have 4 bits that can be flopped in either direction and still make a match. That's 2^4 combinations, or 16 networks with that single statement. From your explanation, it appears as if you only wanted to match 2 networks with that statement (10.128.1.0 and 10.1.128.0).
 
Now, if we didn't care about oversummarization, your answer would be correct. But instead of matching the 16 networks listed, your lines of configuration have matched 8 times as much, or 128 networks.
 
Does this make sense?
 
Ken
 
 
-----Original Message-----
From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
Sent: Mon 5/3/2004 12:22 AM
To: Kenneth Wygand
Cc: ccielab@groupstudy.com
Subject: Re: Quiz Question of the Day 20040502

        Yeah, my masking kunk-fu is very poor today, always- First guess was
        completely wild, here's my final answer Regis....
        
        10.0.0.0 0.129.129.0
        10.0.0.0 0.65.65.0
        10.0.0.0 0.33.33.0
        10.0.0.0 0.17.17.0
        10.0.0.0 0.9.9.0
        10.0.0.0 0.5.5.0
        10.0.0.0 0.3.3.0
        10.1.1.0 0.0.0.0
        
        Overlap is four nets- not sure how far is can go?
        
        
        Example of my thinking-
        
        10.128.1.0 00001010.00100000.00000010.00000000
        10.1.128.0 00001010.00000001.01000000.00000000
        
        10.0.0.0 - 00000101.00000000.00000000.00000000 AND
        0.129.129.0 - 00000000.01000010.01000010.00000000 XOR
        
        
        ********************************************************
        
        
        10.1.64.0 00000101.00000001.00100000.00000000
        10.64.1.0 00000101.00100000.00000010.00000000
        
        10.0.0.0 00000101.00000000.00000000.00000000 AND
        0.65.65.0 00000000.00100001.00100010.00000000 XOR
        
        
        Alsontra
        
        ----- Original Message -----
        From: "Kenneth Wygand" <KWygand@customonline.com>
        To: <alsontra@hotmail.com>
        Cc: <ccielab@groupstudy.com>
        Sent: Sunday, May 02, 2004 5:08 PM
        Subject: RE: Quiz Question of the Day 20040502
        
        
> Alsontra,
>
> Unfortunately not. If you actually map out the "don't care" bits in your
        masks, your first mask is "00000000.00000000.01111111.11111111". If we
        don't count the last octet (because these are host bits due to the fact that
        I said the networks were /24's), you have 7 "don't care" bits for your
        network portion. 2^7 is 128, so you are actually matching 128 networks with
        your first statement, much more than my question allowed. Likewise, your
        second statement includes 14 "don't care" bits, totaling 16384 networks
        (2^14).
>
> Keep thinking... and think about how the "don't care" bits work. It might
        help to actual map out the networks I mentioned in binary...
>
> Good luck!
> Ken
>
> -----Original Message-----
> From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
> Sent: Sun 5/2/2004 9:50 PM
> To: Kenneth Wygand
> Cc:
> Subject: Re: Quiz Question of the Day 20040502
>
>
>
> Sorry about that. I mean..
>
> 10.1.0.0 0.0.254.255
> 10.0.1.0 0.254.254.255
>
> Thnaks- Here for lucky guesses...????
>
>
> Alsontra
>
> ----- Original Message -----
> From: "Kenneth Wygand" <KWygand@customonline.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, May 02, 2004 4:36 PM
> Subject: Quiz Question of the Day 20040502
>
>
> > Write an access list (ACL 10) using the _fewest_ number of lines that
> denies _all_ of the following networks _without_ oversummarization and
> permits all other networks.
> >
> > 10.1.1.0 /24
> > 10.1.2.0 /24
> > 10.1.4.0 /24
> > 10.1.8.0 /24
> > 10.1.16.0 /24
> > 10.1.32.0 /24
> > 10.1.64.0 /24
> > 10.1.128.0 /24
> > 10.1.1.0 /24
> > 10.2.1.0 /24
> > 10.4.1.0 /24
> > 10.8.1.0 /24
> > 10.16.1.0 /24
> > 10.32.1.0 /24
> > 10.64.1.0 /24
> > 10.128.1.0 /24
> >
> > If you really understand how access lists work, this one should be
        easy...
> :)
> >
> > Ken
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com <http://shop.groupstudy.com/>
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:03 GMT-3