Re: Double Check access-list

From: Jian Gu (guxiaojian@gmail.com)
Date: Thu Oct 06 2005 - 16:20:47 GMT-3

• Next message: Victor Cappuccio: "Re: OSPF question"
• Previous message: Brian Dennis: "RE: OSPF question"
• Maybe in reply to: Leigh Harrison: "Double Check access-list"
• Next in thread: Leigh Harrison: "Re: Double Check access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

So the "official answer" is WRONG, I hate that when the official answer is
wrong.

On 10/6/05, Scott Morris <swm@emanon.com> wrote:
>
> 200.0.1.2 <http://200.0.1.2>
> 200.0.3.2 <http://200.0.3.2>
> 200.0.3.10 <http://200.0.3.10>
> 200.0.1.18 <http://200.0.1.18>
> 200.0.3.26 <http://200.0.3.26>
> 200.0.1.10 <http://200.0.1.10>
> 200.0.3.18 <http://200.0.3.18>
> 200.0.1.26 <http://200.0.1.26>
>
> Third Octet:
>
> 1 00000001
> 3 00000011
> Diff 00000010 = .2 Mask
>
> Fourth Octet:
>
> 2 00000010
> 10 00001010
> 18 00010010
> 26 00011010
> Diff 00011000 = .24 Mask
>
> Remember that the router sees these things simply as strings of 32 bits.
> It's only our little brains that need the dotted-decimal octet
> representations. :)
>
> 200.0.1.2 <http://200.0.1.2> 0.0.2.24 <http://0.0.2.24> mask will give a
> total of three bits of difference. 2^3
> yields 8 matches, and we have 8 lines listed.
>
> Scott
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Carl
> Willias
> Sent: Thursday, October 06, 2005 11:02 AM
> To: Lee Donald; Leigh Harrison; ccielab@groupstudy.com
> Subject: Re: Double Check access-list
>
> I think the answer is
>
> 200.0.3.2 <http://200.0.3.2> 0.0.0.24 <http://0.0.0.24>
> 200.0.1.2 <http://200.0.1.2> 0.0.0.24 <http://0.0.0.24>
>
> CW
>
> ----- Original Message ----
> From: Lee Donald <Lee.Donald@t-systems.co.uk>
> To: Leigh Harrison <ccileigh@gmail.com>; ccielab@groupstudy.com
> Sent: Thursday, October 06, 2005 9:05:05 AM
> Subject: RE: Double Check access-list
>
>
> Leigh,
>
> How's it going? Your access-list does work however it also includes other
> hosts with your list that your not suppose to deny, for example
200.0.2.16<http://200.0.2.16>
> would also be denied using your list but the question does not ask for
> that.
>
> Regards
>
> Lee.
>
>
>
> -----Original Message-----
> From: Leigh Harrison [mailto:ccileigh@gmail.com]
> Sent: 06 October 2005 14:49
> To: ccielab@groupstudy.com
> Subject: Double Check access-list
>
> Hey there,
>
> Could someone double check this for me? I think I've been staring at the
> screen too long....
>
> From IEWB lab vol 1 17 Q.10
>
> Use the minumum lines necessary to deny these hosts:-
>
> 200.0.1.2 <http://200.0.1.2>
> 200.0.3.2 <http://200.0.3.2>
> 200.0.3.10 <http://200.0.3.10>
> 200.0.1.18 <http://200.0.1.18>
> 200.0.3.26 <http://200.0.3.26>
> 200.0.1.10 <http://200.0.1.10>
> 200.0.3.18 <http://200.0.3.18>
> 200.0.1.26 <http://200.0.1.26>
>
> I worked it out like this:-
>
> 128 64 32 16 8 4 2 1 #
> 0 0 0 0 0 0 0 1 1
> 0 0 0 0 0 0 1 1 3
>
> 0 0 0 0 0 0 1 0 2
> 0 0 0 0 1 0 1 0 10
> 0 0 0 1 0 0 1 0 18
> 0 0 0 1 1 0 1 0 26
>
> From that, in the third octet, the only bit that cnages is 2 and both
> variables are present. In the fourth octet, the only bits that change are
> the 16 and 8 bits and all 4 variables are present.
>
> So I came up with :-
> access-list 1 deny 200.0.1.2 <http://200.0.1.2> 0.0.2.24 <http://0.0.2.24>
> access-list 1 permit any
>
> However, the official answer is:-
> access-list 1 deny 200.0.1.2 <http://200.0.1.2> 0.0.2.8 <http://0.0.2.8>
> access-list 1 deny 200.0.1.18 <http://200.0.1.18> 0.0.2.0 <http://0.0.2.0>
> access-list 1 deny 200.0.1.26 <http://200.0.1.26> 0.0.2.0 <http://0.0.2.0>
> access-list 1 permit any
>
> Am I missing something ?!?
>
> Time for a brew.....
> LH
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Victor Cappuccio: "Re: OSPF question"
• Previous message: Brian Dennis: "RE: OSPF question"
• Maybe in reply to: Leigh Harrison: "Double Check access-list"
• Next in thread: Leigh Harrison: "Re: Double Check access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3