RE: Quiz Question of the Day 20040502

From: Kian Wah, Lai (kian_wah@qala.com.sg)
Date: Mon May 03 2004 - 01:00:43 GMT-3

If I follow the method on that URL, for

> > > 10.1.1.0 /24
> > > 10.1.2.0 /24
> > > 10.1.4.0 /24
> > > 10.1.8.0 /24
> > > 10.1.16.0 /24
> > > 10.1.32.0 /24
> > > 10.1.64.0 /24
> > > 10.1.128.0 /24

I'll get 10.1.0.0 0.0.255.0 which will match all from 10.1.0.0 to
10.1.255.0.... So it's not right as well.

I think the way is to do one ACL line for each address space???

Regards,
Kian Wah, Lai

-----Original Message-----
From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
Sent: Monday, May 03, 2004 1:35 PM
To: Kian Wah, Lai; 'Kenneth Wygand'
Cc: ccielab@groupstudy.com
Subject: Re: Quiz Question of the Day 20040502

What is the small number of lists this can be done in?

Alsontra

----- Original Message -----
From: "Kian Wah, Lai" <kian_wah@qala.com.sg>
To: "'Kenneth Wygand'" <KWygand@customonline.com>; <alsontra@hotmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Sunday, May 02, 2004 8:13 PM
Subject: RE: Quiz Question of the Day 20040502

> Think this helps
>
> http://www.internetworkexpert.com/resources/01700370.htm
>
> Regards,
> Kian Wah, Lai
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Kenneth Wygand
> Sent: Monday, May 03, 2004 10:41 AM
> To: alsontra@hotmail.com
> Cc: ccielab@groupstudy.com
> Subject: RE: Quiz Question of the Day 20040502
>
> Alsontra,
>
> Let's take your first line for example:
>
> Network (NET) = 10.0.0.0
> Don't Care Bits (DCB) = 0.129.129.0
>
> NET = 00001010.00000000.00000000.00000000
> DCB = 00000000.10000001.10000001.00000000
>
> Matching networks are:
>
> 00001010.00000000.00000000.00000000 = 10.0.0.0
> 00001010.00000000.00000001.00000000 = 10.0.1.0
> 00001010.00000000.10000000.00000000 = 10.0.128.0
> 00001010.00000000.10000001.00000000 = 10.0.129.0
> 00001010.00000001.00000000.00000000 = 10.1.0.0
> 00001010.00000001.00000001.00000000 = 10.1.1.0
> 00001010.00000001.10000000.00000000 = 10.1.128.0
> 00001010.00000001.10000001.00000000 = 10.1.129.0
> 00001010.10000000.00000000.00000000 = 10.128.0.0
> 00001010.10000000.00000001.00000000 = 10.128.1.0
> 00001010.10000000.10000000.00000000 = 10.128.128.0
> 00001010.10000000.10000001.00000000 = 10.128.129.0
> 00001010.10000001.00000000.00000000 = 10.129.0.0
> 00001010.10000001.00000001.00000000 = 10.129.1.0
> 00001010.10000001.10000000.00000000 = 10.129.128.0
> 00001010.10000001.10000001.00000000 = 10.129.129.0
>
> Obviously, this is oversummarized since it includes a lot of networks that
> we don't want to match.
>
> An easy way to see this is to look at the _number_ of don't care bits in
the
> binary form of each of your ACL lines. Since your mask was
> "0000000.10000001.10000001.0000000", you have 4 bits that can be flopped
in
> either direction and still make a match. That's 2^4 combinations, or 16
> networks with that single statement. From your explanation, it appears as
> if you only wanted to match 2 networks with that statement (10.128.1.0 and
> 10.1.128.0).
>
> Now, if we didn't care about oversummarization, your answer would be
> correct. But instead of matching the 16 networks listed, your lines of
> configuration have matched 8 times as much, or 128 networks.
>
> Does this make sense?
>
> Ken
>
>
> -----Original Message-----
> From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
> Sent: Mon 5/3/2004 12:22 AM
> To: Kenneth Wygand
> Cc: ccielab@groupstudy.com
> Subject: Re: Quiz Question of the Day 20040502
>
>
>
> Yeah, my masking kunk-fu is very poor today, always- First guess was
> completely wild, here's my final answer Regis....
>
> 10.0.0.0 0.129.129.0
> 10.0.0.0 0.65.65.0
> 10.0.0.0 0.33.33.0
> 10.0.0.0 0.17.17.0
> 10.0.0.0 0.9.9.0
> 10.0.0.0 0.5.5.0
> 10.0.0.0 0.3.3.0
> 10.1.1.0 0.0.0.0
>
> Overlap is four nets- not sure how far is can go?
>
>
> Example of my thinking-
>
> 10.128.1.0 00001010.00100000.00000010.00000000
> 10.1.128.0 00001010.00000001.01000000.00000000
>
> 10.0.0.0 - 00000101.00000000.00000000.00000000 AND
> 0.129.129.0 - 00000000.01000010.01000010.00000000 XOR
>
>
> ********************************************************
>
>
> 10.1.64.0 00000101.00000001.00100000.00000000
> 10.64.1.0 00000101.00100000.00000010.00000000
>
> 10.0.0.0 00000101.00000000.00000000.00000000 AND
> 0.65.65.0 00000000.00100001.00100010.00000000 XOR
>
>
> Alsontra
>
> ----- Original Message -----
> From: "Kenneth Wygand" <KWygand@customonline.com>
> To: <alsontra@hotmail.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Sunday, May 02, 2004 5:08 PM
> Subject: RE: Quiz Question of the Day 20040502
>
>
> > Alsontra,
> >
> > Unfortunately not. If you actually map out the "don't care" bits
> in your
> masks, your first mask is "00000000.00000000.01111111.11111111". If
> we
> don't count the last octet (because these are host bits due to the
> fact that
> I said the networks were /24's), you have 7 "don't care" bits for
> your
> network portion. 2^7 is 128, so you are actually matching 128
> networks with
> your first statement, much more than my question allowed. Likewise,
> your
> second statement includes 14 "don't care" bits, totaling 16384
> networks
> (2^14).
> >
> > Keep thinking... and think about how the "don't care" bits work.
> It might
> help to actual map out the networks I mentioned in binary...
> >
> > Good luck!
> > Ken
> >
> > -----Original Message-----
> > From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
> > Sent: Sun 5/2/2004 9:50 PM
> > To: Kenneth Wygand
> > Cc:
> > Subject: Re: Quiz Question of the Day 20040502
> >
> >
> >
> > Sorry about that. I mean..
> >
> > 10.1.0.0 0.0.254.255
> > 10.0.1.0 0.254.254.255
> >
> > Thnaks- Here for lucky guesses...????
> >
> >
> > Alsontra
> >
> > ----- Original Message -----
> > From: "Kenneth Wygand" <KWygand@customonline.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Sunday, May 02, 2004 4:36 PM
> > Subject: Quiz Question of the Day 20040502
> >
> >
> > > Write an access list (ACL 10) using the _fewest_ number of lines
> that
> > denies _all_ of the following networks _without_ oversummarization
> and
> > permits all other networks.
> > >
> > > 10.1.1.0 /24
> > > 10.1.2.0 /24
> > > 10.1.4.0 /24
> > > 10.1.8.0 /24
> > > 10.1.16.0 /24
> > > 10.1.32.0 /24
> > > 10.1.64.0 /24
> > > 10.1.128.0 /24
> > > 10.1.1.0 /24
> > > 10.2.1.0 /24
> > > 10.4.1.0 /24
> > > 10.8.1.0 /24
> > > 10.16.1.0 /24
> > > 10.32.1.0 /24
> > > 10.64.1.0 /24
> > > 10.128.1.0 /24
> > >
> > > If you really understand how access lists work, this one should
> be
> easy...
> > :)
> > >
> > > Ken
> > >
> > >
> _______________________________________________________________________
> > > Please help support GroupStudy by purchasing your study
> materials from:
> > > http://shop.groupstudy.com <http://shop.groupstudy.com/>
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:03 GMT-3