From: Pierre-Alex (paguanel@hotmail.com)
Date: Sun Nov 27 2005 - 21:26:26 GMT-3
Yes, I think in this case asking the proctor would be a good idea
Pierre
----- Original Message -----
From: "blodwick" <blodwick@columbus.rr.com>
To: "'Pierre-Alex'" <paguanel@hotmail.com>; "'Montiean'"
<noktes@bellsouth.net>; <ccielab@groupstudy.com>
Sent: Sunday, November 27, 2005 10:12 PM
Subject: RE: wildcard mask question
>
> Yea, I agree. Now looking back at my examples I was not very descriptive
> in what I was requiring. I said "nets" which is a little vague. If the
> question were asking me to filter ONLY the /24 routes from the list, a
> 0.0.6.0 mask would work nicely since the /24 routes would arrive with a
> zero in the last octet.
>
> If the question asked me to filter any routes of /24 or smaller, or if
> it were asking me to filter on an interface anything from within those
> /24s I would use the 0.0.6.255 mask.
>
> If I got this in the exam I'd go to the proctor and ask if "nets" meant
> they only wanted the /24s filtered.
>
> ~Brian L
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Pierre-Alex
> Sent: Saturday, November 26, 2005 4:08 PM
> To: Pierre-Alex; blodwick; 'Montiean'; ccielab@groupstudy.com
> Subject: Re: wildcard mask question
>
> I meant this way you would get away from the smaller subnets (it's late
> ...)
>
>
> ----- Original Message -----
> From: "Pierre-Alex" <paguanel@hotmail.com>
> To: "blodwick" <blodwick@columbus.rr.com>; "'Montiean'"
> <noktes@bellsouth.net>; <ccielab@groupstudy.com>
> Sent: Saturday, November 26, 2005 10:06 PM
> Subject: Re: wildcard mask question
>
>
>> If the wildcard mask does not need to be contiguous then would not a
>> better solution be:
>>
>> access-list 101 permit ip any 192.168.1.0 0.0.6.0 instead?
>>
>> This way you would get the smaller subnets!
>>
>>
>>
>>
>> ----- Original Message -----
>> From: "blodwick" <blodwick@columbus.rr.com>
>> To: "'Pierre-Alex'" <paguanel@hotmail.com>; "'Montiean'"
>> <noktes@bellsouth.net>; <ccielab@groupstudy.com>
>> Sent: Saturday, November 26, 2005 8:34 PM
>> Subject: RE: wildcard mask question
>>
>>
>>>I love these kinds of questions! Anyone who enjoys mathematics can
>>> appreciate the coolness of the flexibility of the wildcard mask in
> the
>>> IOS. At first it does not seem right since from the beginning we are
>>> taught about leftmost bits of a subnet mask indicating the "network"
>>> portion of the address, then the left over bit are the available host
>>> bits (excluding the network and broadcast). We also learned that in
> the
>>> beginning subnet masks had a fixed length; then later came the
> concept
>>> of variable length subnet masks. So naturally when we use go to use
>>> wildcard masks we stick with the same rules and simply invert your
>>> thought process and apply variable length masking from right to left
>>> instead of left to right, but the cool part is the wildcard mask does
>>> not have the same rules that an IP subnet mask has.
>>>
>>> If you want to make an access-list that defines the following nets -
>>> 192.168.1.0/24, 192.168.3.0/24, 192.168.5.0/24, and 192.168.7.0/24
> you
>>> can do it in 1 statement, by not sticking to the contiguous bit
> model.
>>>
>>> access-list 101 permit ip any 192.168.1.0 0.0.6.255
>>>
>>> Or how about in one statement select only the following nets -
>>> 172.16.32.0/24, 172.16.36.0/24, 172.16.48.0/24, 172.16.52.0/24,
>>> 168.16.32.0/24, 168.16.36.0/24, 168.16.48.0/24, 168.16.52.0/24.
>>>
>>> access-list 102 permit ip any 168.16.32.0 4.0.20.0
>>>
>>> I used examples of course that fit nicely, but if a question asks you
> to
>>> do something like this and let's say one or two nets don't fit. You
> can
>>> throw in the ones that don't fit as initial deny statements and
> you'll
>>> probably still end up with less lines.
>>>
>>> ~ Brian L
>>>
>>>
>>> -----Original Message-----
>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
>>> Pierre-Alex
>>> Sent: Friday, November 25, 2005 3:11 PM
>>> To: Montiean; ccielab@groupstudy.com
>>> Subject: Re: wildcard mask question
>>>
>>> Why not use an extended acces-list to match the mask also ?
>>>
>>> This way you don't have to worry about matching other prefix.
>>>
>>> You are doing exactly what was asked of you!
>>>
>>> access-list 100 permit 192.168.20.0 0.0.3.0 255.255.255.0 0.0.0.0
>>>
>>> Pierre
>>>
>>> ----- Original Message -----
>>> From: "Montiean" <noktes@bellsouth.net>
>>> To: <ccielab@groupstudy.com>
>>> Sent: Monday, October 31, 2005 12:24 AM
>>> Subject: wildcard mask question
>>>
>>>
>>>> Folks,
>>>> Just want to get the idea on wildcard mask using acl in the lab.
>>>> For an example, let say we need to use only one statement in acl to
>>> filter
>>>> routes below
>>>>
>>>> 192.168.20.0/24
>>>> 192.168.21.0/24
>>>> 192.168.22.0/24
>>>> 192.168.23.0/24
>>>>
>>>> So we can use either ways as below
>>>>
>>>> access-list 1 permit 192.168.20.0 0.0.3.0
>>>> or
>>>> access-list 1 permit 192.168.20.0 0.0.3.255
>>>>
>>>> The result is going to be the same but which way should be right in
>>> the
>>>> lab.
>>>> Any comments would be appreciate.
>>>>
>>>> Thanks,
>>>> Montiean
>>>>
>>>>
>>>
> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>> --
>>> No virus found in this incoming message.
>>> Checked by AVG Free Edition.
>>> Version: 7.1.362 / Virus Database: 267.13.7/182 - Release Date:
>>> 11/24/2005
>>>
>>>
>>> --
>>> No virus found in this outgoing message.
>>> Checked by AVG Free Edition.
>>> Version: 7.1.362 / Virus Database: 267.13.8/183 - Release Date:
>>> 11/25/2005
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.362 / Virus Database: 267.13.8/183 - Release Date:
> 11/25/2005
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.362 / Virus Database: 267.13.8/183 - Release Date:
> 11/25/2005
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3