From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Tue Jul 19 2005 - 21:23:29 GMT-3
Hello
One of those wonderful ACL questions. It came up on IPexpert Lab23. I
didn't understand how they reached their results...
Purpose: in as few lines as possible, deny hosts on networks:
168.192.3.0/24
168.192.11.0/24
168.192.14.0/24
168.208.3.0/24
168.208.11.0/24
168.208.14.0/24
Given that 192 is (b)11000000, 208 is (192+16) (b)11010000, 14 is
(8+4+2) (b)00001110, 11 is (8+2+1) (b)00001011 and 3 is (b)00000011,
I did the following according to the IE doc on ACLs:
Second Byte
192 208
NET = AND (11000000, 11010000) = 11000000 -> (d)192
MASK = XOR (11000000, 11010000) = 00010000 ->(d)16
No problem here.
Third Byte
I thought that we could try and mix all three networks so
14 11 3
NET=AND ( 00001110, 00001011, 00000011) = 00000010 = (d) 2
MASK =XOR (00001110, 00001011, 00000011) = 00001101 = (d) 13
Leading to the result of the ACL being 168.192.2.0 mask 0.16.13.255
Their result was on two lines:
168.192.3.0 MASK 0.16.8.255
168.192.14.0 MASK 0.16.0.255
I tried mixing and matching to see how they got there, but I only got
confused... I understood that the first statement was derived by mixing
third bytes 3 and 11, but I didn't understand the second statement...
Perhaps my brain just refuses to work, but please could anyone explain
to me why my solution isn't correct, for a LAB? (too much overlapping?)
TIA
Gustavo
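
Added example (not part of the original post): a small Python audit that expands each address/wildcard pair quoted above into the /24 networks it actually matches and compares them with the six networks to be denied. The function names and the assumption that the first octet is fixed and the fourth fully wildcarded are choices made for this example.

```python
from itertools import product

# Networks the post wants denied, as (2nd, 3rd) octets of 168.x.y.0/24.
TARGETS = {(192, 3), (192, 11), (192, 14), (208, 3), (208, 11), (208, 14)}


def parse(dotted):
    """Turn a dotted quad into a list of four ints."""
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted quad: {dotted!r}")
    return octets


def octet_values(base, wildcard):
    """All octet values matched by base/wildcard (wildcard bit 1 = don't care)."""
    free_bits = [1 << i for i in range(8) if wildcard & (1 << i)]
    fixed = base & ~wildcard & 0xFF
    values = set()
    for choice in product((0, 1), repeat=len(free_bits)):
        values.add(fixed | sum(b for b, on in zip(free_bits, choice) if on))
    return values


def matched_networks(address, wildcard):
    """(2nd, 3rd) octet pairs of the /24 networks that one ACL entry matches."""
    a, w = parse(address), parse(wildcard)
    if w[0] != 0 or w[3] != 255:  # assumption of this example, true for the post's entries
        raise ValueError("expected wildcard of the form 0.x.y.255")
    return set(product(octet_values(a[1], w[1]), octet_values(a[2], w[2])))


def audit(entries):
    """Return (missed, extra) networks for a list of (address, wildcard) entries."""
    covered = set()
    for address, wildcard in entries:
        covered |= matched_networks(address, wildcard)
    return sorted(TARGETS - covered), sorted(covered - TARGETS)


if __name__ == "__main__":
    one_line = [("168.192.2.0", "0.16.13.255")]
    two_line = [("168.192.3.0", "0.16.8.255"), ("168.192.14.0", "0.16.0.255")]
    for name, acl in (("one-line", one_line), ("two-line", two_line)):
        missed, extra = audit(acl)
        print(f"{name}: missed={missed} extra={extra}")
```

Run as a script, it reports that the two-line form matches exactly the six listed networks, while the single entry with third-octet wildcard 13 also matches third octets 2, 6, 7, 10 and 15 on both 168.192 and 168.208, so it denies ten networks that were not on the list.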