RE: ACL Question - Can you fix it?

From: Scott Vermillion (scott_ccie_list@it-ag.com)
Date: Fri Dec 07 2007 - 23:03:25 ART


Is the task that we're only supposed to encompass the hosts in the range of
16 -> 32? To do this generically without that restriction, it would be:

ip access-list extended DENY_EVEN
 deny ip 192.168.15.0 0.0.0.254 any
 permit ip any any

To restrict to just that range, it would be:

ip access-list extended DENY_EVEN
 deny ip 192.168.15.16 0.0.0.14 any
 permit ip any any

Right? The logic here being that in order for an address to be even, the
right-most bit must be set to zero. Then you figure out the rest as follows
(I'm sure there are a hundred processes to get to this - this would be mine
on a sheet of paper):

0 0 0 0 1 1 1 0
_ _ _ _ _ _ _ _

I've set to zero the bits that would take us outside of this range.
Obviously, if we're dealing with a range that's less than 32, it must be the
case that the binary 32 position and everything to the left of it must be
zero. So these are "I care" bits. I write these down as "0" over my little
placeholders. Binary positions 2, 4, and 8 (meaning second, third, and
fourth from right) can all be set to any value within this range, so they
are "don't care" bits. These are obviously recorded as a "1" over my
placeholders. Again, the binary 1 position must be set to zero in order for
the address to be even. Then you just do basic binary math to come up with
the decimal number 14.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Darby Weaver
Sent: Friday, December 07, 2007 5:53 PM
To: ccielab@groupstudy.com; cisco@groupstudy.com
Subject: ACL Question - Can you fix it?

Access Lists.

Assume that the 192.168.15.16/28 network has a
collection of Linux and Windows PCs on it. The
addressing scheme is such that the Linux PCs have the
addresses

192.168.15.17
192.168.15.19
192.168.15.21

and so on through to 192.168.15.29 (odds) while the
Windows PCs have the addresses

192.168.15.18
192.168.15.20
192.168.15.22

and so on through to 192.168.15.30 (even).

All the PCs connect to the core network via a router
on the same subnet.

One day all the Windows PCs get infected by a virus
and start sourcing large amounts of network traffic.
Your task is to create an access list to be used on
the router for the subnet which drops all network
traffic from the Windows PCs while allowing traffic
from the Linux PCs.

Can you create an ACL with just two access list
entries that will match traffic sourced from all the
Windows PCs and drop them while allowing all other
traffic?



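A way to check the wildcard-mask reasoning above mechanically, as an added example that is not part of either post in this thread. It implements the IOS match rule (a candidate matches when every "I care" bit, i.e. every wildcard bit that is 0, equals the entry's address bit), derives the smallest single address/wildcard pair covering a host list by OR-ing the XORs between hosts, and then lists everything that entry also catches inside the subnet. The host lists are constructed from the ranges in the original question; the helper names (matches, derive_entry, covered_hosts, overmatch, wildcard_bits, render_acl) are this example's own, not any IOS or library API.

```python
"""Derive and verify a Cisco-style wildcard-mask ACL entry.

Added example, not code from the mailing-list thread. IOS wildcard masks are
the inverse of subnet masks: a wildcard bit of 1 means "don't care", 0 means
"must match the entry's address bit". An entry `address wildcard` matches a
candidate when ((candidate XOR address) AND NOT wildcard) == 0.
"""
import ipaddress

# Constructed from the original question: 192.168.15.16/28, odds = Linux,
# evens = Windows (the hosts that must be dropped).
LINUX_HOSTS = ["192.168.15.%d" % n for n in range(17, 31, 2)]
WINDOWS_HOSTS = ["192.168.15.%d" % n for n in range(18, 31, 2)]
SUBNET = "192.168.15.16/28"


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def matches(candidate, address, wildcard):
    """True if `candidate` is matched by ACL entry `address wildcard`."""
    diff = _to_int(candidate) ^ _to_int(address)
    care = ~_to_int(wildcard) & 0xFFFFFFFF       # 1 where the bit must match
    return (diff & care) == 0


def derive_entry(hosts):
    """Smallest single address/wildcard pair covering every host in `hosts`.

    Any bit position where two hosts differ becomes a don't-care (1) bit;
    the address is the first host with those bits cleared. The pair may
    cover extra addresses: it is the smallest *single* entry, not
    necessarily an exact match for the set (see overmatch()).
    """
    ints = [_to_int(h) for h in hosts]
    wildcard = 0
    for other in ints[1:]:
        wildcard |= ints[0] ^ other
    address = ints[0] & ~wildcard & 0xFFFFFFFF
    return (str(ipaddress.IPv4Address(address)),
            str(ipaddress.IPv4Address(wildcard)))


def covered_hosts(address, wildcard, network):
    """Every address inside `network` (network/broadcast included) the entry matches."""
    return [str(ip) for ip in ipaddress.IPv4Network(network)
            if matches(str(ip), address, wildcard)]


def overmatch(hosts, network):
    """Addresses in `network` that the derived entry catches but were not asked for."""
    address, wildcard = derive_entry(hosts)
    wanted = set(hosts)
    return [h for h in covered_hosts(address, wildcard, network) if h not in wanted]


def wildcard_bits(wildcard):
    """Last octet of the wildcard as the bit string drawn in the post (MSB first)."""
    return format(_to_int(wildcard) & 0xFF, "08b")


def render_acl(name, address, wildcard):
    """The two-line extended ACL from the thread, as IOS config text."""
    return ["ip access-list extended %s" % name,
            " deny ip %s %s any" % (address, wildcard),
            " permit ip any any"]


if __name__ == "__main__":
    address, wildcard = derive_entry(WINDOWS_HOSTS)
    print("\n".join(render_acl("DENY_EVEN", address, wildcard)))
    print("last-octet wildcard bits:", wildcard_bits(wildcard))
    print("dropped in %s:" % SUBNET, covered_hosts(address, wildcard, SUBNET))
    print("also caught (not a requested host):", overmatch(WINDOWS_HOSTS, SUBNET))
    print("any Linux host dropped?",
          any(matches(h, address, wildcard) for h in LINUX_HOSTS))
    print("192.168.15.32 dropped?", matches("192.168.15.32", address, wildcard))
```

Running it reproduces the entry from the reply, `deny ip 192.168.15.16 0.0.0.14 any`, with the last-octet wildcard `00001110`, and shows the one thing worth knowing before pasting it in: the entry also covers 192.168.15.16, the subnet's network address, which is harmless here because no host can use it, while .32 and every odd address stay unmatched.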
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:29 ARST