Re: Access List

From: Bob Sinclair (bobsinclair@frontiernet.net)
Date: Thu Jun 15 2006 - 08:12:28 ART


Hi Sami,

Your understanding of how the bit-masking works looks good to me. The point
to keep in mind, which some others were making on this topic, is that whether the
access-list actually permits or denies traffic or updates depends on how it is
applied. For example, the result is completely different depending on whether
the access list is used in a "deny" route-map statement or a "permit"
route-map statement.

For that reason, it might be better to talk about what an access-list
"matches" rather than what it permits or denies, if further context is not
given.

Remember this "odd/even" matching approach can be applied at various bit
positions. For example:

192.168.105.0 0.0.2.0 matches which two networks?

If you are looking for good examples of various types of binary operation
exercises, you might check out this link:

http://www.catspace.com/goodies/goodies.htm

HTH,

Bob Sinclair
CCIE #10427, CCSI 30427
www.netmasterclass.net
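To make the "matches" versus "permits" distinction concrete, here is a small added example (not part of the thread, written in Python with only the standard library). It implements Cisco wildcard-mask matching (a 0 bit means "must equal", a 1 bit means "don't care"), enumerates the two networks behind 192.168.105.0 0.0.2.0, and then shows the same odd-first-octet ACL giving opposite results as an interface filter versus as the match clause of a single-entry permit or deny route-map clause (the single-clause route-map model is a simplification).

```python
import ipaddress
from itertools import product

def ip_to_int(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def int_to_ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))

def wildcard_matches(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: only bits that are 0 in the wildcard must match."""
    care = 0xFFFFFFFF ^ ip_to_int(wildcard)
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)

def matched_networks(base: str, wildcard: str, max_bits: int = 8) -> list:
    """Expand every combination of the don't-care bits (small wildcards only)."""
    b, w = ip_to_int(base), ip_to_int(wildcard)
    dont_care = [i for i in range(32) if (w >> i) & 1]
    if len(dont_care) > max_bits:
        raise ValueError("too many don't-care bits to enumerate")
    fixed = b & ~w & 0xFFFFFFFF          # base with don't-care bits cleared
    out = []
    for combo in product((0, 1), repeat=len(dont_care)):
        n = fixed
        for bit, val in zip(dont_care, combo):
            n |= val << bit
        out.append(int_to_ip(n))
    return sorted(out, key=ip_to_int)

def acl_result(entries: list, addr: str) -> str:
    """Standard ACL as a packet filter: first matching entry wins, implicit deny."""
    for action, base, wildcard in entries:
        if wildcard_matches(addr, base, wildcard):
            return action
    return "deny"

def route_map_permits(clause_action: str, acl: list, prefix: str) -> bool:
    """Same ACL used as a route-map match clause: the ACL only decides whether the
    prefix is matched; the clause's own permit/deny decides the outcome, and an
    unmatched prefix falls to the implicit deny at the end of the route-map."""
    if acl_result(acl, prefix) != "permit":
        return False
    return clause_action == "permit"

# Constructed sample: the ACL from the thread, matching odd first octets.
ODD_FIRST_OCTET = [("permit", "1.0.0.0", "254.255.255.255")]

if __name__ == "__main__":
    print(matched_networks("192.168.105.0", "0.0.2.0"))
    for p in ("10.0.0.0", "11.0.0.0"):
        print(p, acl_result(ODD_FIRST_OCTET, p),
              route_map_permits("permit", ODD_FIRST_OCTET, p),
              route_map_permits("deny", ODD_FIRST_OCTET, p))
```

Note that the interface-filter column and the deny-route-map column disagree for every odd prefix, which is exactly why the ACL alone does not tell you what gets filtered.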

  ----- Original Message -----
  From: Sami
  To: swm@emanon.com
  Cc: Bob Sinclair ; Cisco certification
  Sent: Thursday, June 15, 2006 3:20 AM
  Subject: Re: Access List

  Thanks everyone.

  Permit 0.0.0.0 254.255.255.255 => permit even network in first octet
  Permit 1.0.0.0 254.255.255.255 => permit odd network in first octet
  Deny 0.0.0.0 254.255.255.255 => deny even network
  Deny 1.0.0.0 254.255.255.255 => deny odd network

  I hope my understanding is correct.

  Thanks

  On 6/14/06, Scott Morris <swm@emanon.com> wrote:
>
> Just re-read the e-mail. :) I think the question was about the permit
> part....
>
> Anyway... Wouldn't this depend on how the ACL was applied? If used as a
> simple packet filter applied to an interface, then perhaps yes. If used as
> part of a route-map or class-map entry to match things then apply an
> action, perhaps not.
>
> I'm not sure we have enough detail here to give a 100% yes or no answer.
>
> Just my $.02 (now that I've read the whole thing!) :)
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
> #153, CISSP, et al.
> CCSI/JNCI
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> smorris@ipexpert.com
> http://www.ipexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Bob Sinclair
> Sent: Tuesday, June 13, 2006 7:54 PM
> To: Sami; Cisco certification
> Subject: Re: Access List
>
> Sami,
>
> I agree with you. The writer should either change the access-list to a
> "deny", or change the prefix to zero in the last bit of the first octet.
>
> HTH,
>
>
> Bob Sinclair
> CCIE #10427, CCSI 30427
> www.netmasterclass.net
>
> ----- Original Message -----
> From: Sami
> To: Cisco certification
> Sent: Tuesday, June 13, 2006 6:30 PM
> Subject: Access List
>
>
> Group,
>
> One of the tasks says to filter out all odd networks from the first octet, and
> the solution given is
>
> ip access list 1 permit 1.0.0.0 254.255.255.255
>
> Why is the first octet of the network 1?
>
> Shouldn't it be 0.0.0.0 (any) 254.255.255.255?
>
> Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>




This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:32 ART