From: Lee Donald (Lee.Donald@t-systems.co.uk)
Date: Mon Apr 18 2005 - 15:33:24 GMT-3
Hi,
I have router 3 with an eth interface 162.1.38.3/24 and this is in vlan 28.
Then I have a routed interface on the other cat3550 that is 162.1.38.8/24
How can I configure this routed interface to be in vlan 28?
What associates the routed interface with a vlan?
Any help greatly received.
Regards
Lee.
-----Original Message-----
From: JP [mailto:jenseike@start.no]
Sent: Sunday, April 17, 2005 12:54 PM
To: Ccielab@Groupstudy. Com; Lee Donald
Subject: RE: Access-list question - Allowing even and odd numbers in 3rd
octet -
Hi there.
Here is what I have learned :
This is the solution by the way.. explenation is below : access-list 1
deny 0.0.1.0 255.255.254.255
We want to block the even third octets of any route coming in our Ethernet.
The first thing we have to do is realize that this has to be a very generic
statement. Anything with an odd third octet should be blocked, no particular
network is stated, it must cover them all. All we are going to care about in
this access-list is the third octet. The 1st, 2nd, and 4th octets can be
ANYTHING, it won't matter to us. So we can formulate the basic access-list
already:
access-list 1 deny 0.0.X.0 255.255.X.255
access-list 1 permit any
The first line we put a 0 for the 1st,2nd,and 4th octets 'standard'. Then we
put a wildcard mask of 255 for the 1st,2nd,and 4th octets. The 'X' just
means we haven't figured that out yet. The 0's in the 1st,2nd, and 4th
octects are just the smalles number we can put there, and its easy to type.
We could put any number in for our standard, it wouldn't matter, since we
don't care about them at all. Remember, for the wild card mask, 1's are I
DON'T CARE, and 0's are I CARE. So if we take a look at the 1st octet we
get:
0 - 0 0 0 0 0 0 0 0
255 1 1 1 1 1 1 1 1
Our standard of 0 breaks down to 8 0's, while our wildcard mask of 255
breaks down to all 1's. This means that we DON'T CARE about any of the bits
in the first octet. This is also true for the 2nd and 4th octets. We don't
care what is there, it can be anything. Now on to the 3rd octet. We have the
following bit values in a octet:
128 64 32 16 8 4 2 1
Out of all of these, the ONLY one that is odd is '1'.
So if we have the '1' bit OFF any combination of the other bits MUST be
EVEN. If we have the '1' bit ON, any combination of the others + the '1'
will be ODD. Here are a couple of quick examples:
....128643216 8 4 2 1
2 --- 0 0 0 0 0 0 1 0
4 --- 0 0 0 0 0 1 0 0
100- 0 1 1 0 0 1 0 0
150- 1 0 0 1 0 1 1 0
3 --- 0 0 0 0 0 0 1 1
5 --- 0 0 0 0 0 1 0 1
101- 0 1 1 0 0 1 0 1
151- 1 0 0 1 0 1 1 1
All of the even numbers have the '1' bit off.
All of the odd numbers have the '1' bit on.
This is the bit that we care about. The '1' bit is going to decide if the
octet is odd or even. So how do we check this '1' bit. Remember that 1's are
I DON'T CARE bits and 0's are I CARE bits for the wild card mask. So for
odds we would use a standard in the third octet of 1:
0.0.1.0
We could use any odd number, but this is the smallest odd number that will
put the '1' bit on.
...128643216 8 4 2 1
1 - 0 0 0 0 0 0 0 1
Now we need to figure out the wild card mask. We put a 1 under any bit we
don't care about. And a 0 under the bits we want to check. In this case we
are just going to check the '1' bit.
....128643216 8 4 2 1
1 --- 0 0 0 0 0 0 0 1
mask 1 1 1 1 1 1 1 0
We then add up the values of the 1's for the wild card mask:
128+64+32+16+8+4+2 = 254
So our wild card mask is going to be 254 for our third octet. This gives us
a complete access list of:
access-list 1 deny 0.0.1.0 255.255.254.255
Out of all 32 bits in the standard, we are only checking the 8th bit in the
3rd octet (the '1' bit). Our wild card mask says that we don't care about
any bits in the 1st or 2nd octet, in the third octet we care about the '1'
bit which in this case our standard says it MUST be on to match, and don't
care about any bits in the 4th octet. Now we can't forget the implicit deny
on the access-list. If we leave it like it is, it will deny all odd 3rd
octets, then deny everything else, so nothing will get through. So the
complete access-list will look like this:
access-list 1 deny 0.0.1.0 255.255.254.255
access-list 1 permit any
That will work, however it takes twice the number of lines that we can do it
in. Instead of denying the odds like it says, we can permit the evens. If we
permit the evens, then the odd will be implicitly denied and the access-list
will be just one line. So to permit the even 3rd octets we are only going to
change one thing. The 3rd octet standard must have the '1' bit OFF to be
even:
...128643216 8 4 2 1
0 -- 0 0 0 0 0 0 0 0
We again figure out our wild card mask, we only care about the '1' bit.
...128643216 8 4 2 1
0 --- 0 0 0 0 0 0 0 0
mask 1 1 1 1 1 1 1 0
Again, the wild card mask is going to be 254 (64+32+16+8+4+2) it doesen't
change between odds and evens, we are still checking the '1' bit. The only
thing that changes between checking odds and evens is the standard. We put a
1 in the third octet to check for odds, since 1 is the lowest odd number. We
put a 0 in the third octet to check for evens, since a 0 is the lowest even
number.
So our 1 line access-list looks like this:
access-list 1 permit 0.0.0.0 255.255.254.255
This doesn't care about the 1st, 2nd, or 4th octets. In the 3rd octet we
only care about the '1' bit, which in this case must match a 0, making it
even.
Remember, if they say to block odds or evens, permit the opposite, unless
they are being specific to a subnet.
Jens P
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Lee
Donald
Sent: 17. april 2005 12:13
To: ccielab@groupstudy.com
Subject: Access-list question - Allowing even and odd numbers in 3rd octet -
Can anyone put some more logic to this for me, I'm having a bad brain day.
I need to allow all odd numbers in the 3rd octet in via an access-list which
I know is
Access-list 5 permit 0.0.0.0 0.0.252.0
Then I tried to let just the evens in but got confused, and couldn't get my
dough brain round it.
Can anybody remind me of this and the way it works?
Thanks in advance.
Regards
Lee.
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:59 GMT-3