RE: ACL Question - Can you fix it?

From: Darby Weaver (darbyweaver@yahoo.com)
Date: Sat Dec 08 2007 - 01:06:32 ART


Restricting the range is the correct answer.

So your second answer is on the money.

The first answer would be good if we said deny all
even addresses.

--- Scott Vermillion <scott_ccie_list@it-ag.com>
wrote:

> Is the task that we're only supposed to encompass
> the hosts in the range of
> 16 -> 32? To do this generically without that
> restriction, it would be:
>
> ip access-list extended DENY_EVEN
> deny ip 192.168.15.0 0.0.0.254 any
> permit ip any any
>
>
> To restrict to just that range, it would be:
>
>
> ip access-list extended DENY_EVEN
> deny ip 192.168.15.16 0.0.0.14 any
> permit ip any any
>
> Right? The logic here being that in order for an
> address to be even, the
> right-most bit must be set to zero. Then you figure
> out the rest as follows
> (I'm sure there are a hundred processes to get to
> this - this would be mine
> on a sheet of paper):
>
> 0 0 0 0 1 1 1 0
> _ _ _ _ _ _ _ _
>
> I've set to zero the bits that would take us outside
> of this range.
> Obviously, if we're dealing with a range that's less
> than 32, it must be the
> case that the binary 32 position and everything to
> the left of it must be
> zero. So these are "I care" bits. I write these
> down as "0" over my little
> placeholders. Binary positions 2, 4, and 8 (meaning
> second, third, and
> fourth from right) can all be set to any value
> within this range, so they
> are "don't care" bits. These are obviously recorded
> as a "1" over my
> placeholders. Again, the binary 1 position must be
> set to zero in order for
> the address to be even. Then you just do basic
> binary math to come up with
> the decimal number 14.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> Darby Weaver
> Sent: Friday, December 07, 2007 5:53 PM
> To: ccielab@groupstudy.com; cisco@groupstudy.com
> Subject: ACL Question - Can you fix it?
>
> Access Lists.
>
> Assume that the 192.168.15.16/28 network has a
> collection of Linux and Windows PCs on it. The
> addressing scheme is such that the Linux PCs have
> the
> addresses
>
> 192.168.15.17
> 192.168.15.19
> 192.168.15.21
>
> and so on through to 192.168.15.29 (odds) while the
> Windows PCs have the addresses
>
> 192.168.15.18
> 192.168.15.20
> 192.168.15.22
>
> and so on through to 192.168.15.30 (even).
>
> All the PCs connect to the core network via a router
> on the same subnet.
>
> One day all the Windows PCs get infected by a virus
> and start sourcing large amounts of network traffic.
> Your task is to create an access list to be used on
> the router for the subnet which drops all network
> traffic from the Windows PCs while allowing traffic
> from the Linux PCs.
>
> Can you create an ACL with just two access list
> entries that will match traffic sourced from all the
> Windows PCs and drop them while allowing all other
> traffic?
>
>
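
The wildcard-mask reasoning in the thread above, worked through in Python as an added example (not code from any of the posters): it derives the tightest single base/wildcard pair for the Windows hosts listed in the question and audits what that entry actually matches on the /28. The function names `wildcard_match`, `derive_entry`, `matched_in` and `audit` are hypothetical helpers, and the host lists are rebuilt from the addresses given in the question.

```python
import ipaddress

# Host lists rebuilt from the question in the thread (Windows = even, Linux = odd).
WINDOWS = [f"192.168.15.{n}" for n in range(18, 31, 2)]
LINUX = [f"192.168.15.{n}" for n in range(17, 30, 2)]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS-style test: every bit that is 0 in the wildcard must equal the base."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return ((_int(addr) ^ _int(base)) & care) == 0

def derive_entry(hosts):
    """Tightest single base/wildcard pair that covers every host in the list."""
    values = [_int(h) for h in hosts]
    all_and, all_or = values[0], values[0]
    for v in values[1:]:
        all_and &= v   # bits set in every host
        all_or |= v    # bits set in at least one host
    wildcard = all_and ^ all_or  # bits that vary across hosts are "don't care"
    return (str(ipaddress.IPv4Address(all_and)),
            str(ipaddress.IPv4Address(wildcard)))

def matched_in(network, base, wildcard):
    """Every address in the network that the base/wildcard pair matches."""
    return [str(ip) for ip in ipaddress.ip_network(network)
            if wildcard_match(str(ip), base, wildcard)]

def audit(hosts_to_block, hosts_to_keep, network):
    """Derive the deny entry and report misses, collateral hits and extras."""
    base, wildcard = derive_entry(hosts_to_block)
    hit = set(matched_in(network, base, wildcard))
    return {
        "entry": f"deny ip {base} {wildcard} any",
        "missed": sorted(set(hosts_to_block) - hit),
        "collateral": sorted(hit & set(hosts_to_keep)),
        "extra": sorted(hit - set(hosts_to_block) - set(hosts_to_keep)),
    }

if __name__ == "__main__":
    print(audit(WINDOWS, LINUX, "192.168.15.16/28"))
    generic = matched_in("192.168.15.0/24", "192.168.15.0", "0.0.0.254")
    print(len(generic), "addresses in the /24 hit by the 0.0.0.254 form")
```

The `extra` field shows the one address the restricted entry matches beyond the listed Windows hosts: the subnet's own network address, 192.168.15.16.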


