RE: rip networks filtering

From: Scott Vermillion (scott_ccie_list@it-ag.com)
Date: Wed Dec 19 2007 - 13:43:30 ART


I don't think that's exactly correct Lora:

A mask of 0.0.6.255 says that in the third octet, I don't care what the
binary 4 and the binary 2 position is set to. However, I *do* care about
positions 8 thru 128 and *also* position 1. Since the network part had a
"1" asserted in the third octet, we're matching only the following
addresses:

199.16.1.0
199.16.3.0
199.16.5.0
199.16.7.0

These are the possible results with 8 thru 128 set to zero and 1 set to 1
(00000xx1). Thus, if we're permitting these and using the implicit deny at
the end, we're blocking 199.16.0.0, 2.0, 4.0, 6.0, and everything from 8.0
on up (not just evens outright, as we're also blocking all odds above 7.0).

Are you trying to block access from hosts in networks or are you trying to
block network advertisements? If the latter, could they possibly be doing
something stupid like 'no ip subnet zero' and then doing a simple:

permit 199.16.0.0 0.0.7.0
permit 199.16.8.0 0.0.0.0
  
??

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Lora
Ganeva
Sent: Wednesday, December 19, 2007 8:39 AM
To: Edison Ortiz; shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering

Hi,

See below:

199.16.1.0 ---- 199.16.00000001.0

Wildcard:

0.0.6.255 --> 0.0.00000110.0 (0 - exact match, 1 - don't care)... so, with
this wildcard mask you say that the last bit should be always zero.. (no even
subnets)

BR,

Lora

From: Edison Ortiz [mailto:edisonmortiz@gmail.com]
Sent: 19 December 2007, 17:34
To: Lora Ganeva; 'shiran guez'
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering

I'm on the road. I'll try it when I get some time and equipment to test
on.

If someone else has any suggestion in the meantime, feel free to contribute.

Edison Ortiz
Routing and Switching, CCIE # 17943

________________________________

From: Lora Ganeva [mailto:lganeva@mobiltel.bg]
Sent: Wednesday, December 19, 2007 10:12 AM
To: Edison Ortiz; shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering

Hi, Just try it.

And you'll see...

From: Edison Ortiz [mailto:edisonmortiz@gmail.com]
Sent: 19 December 2007, 17:11
To: Lora Ganeva; 'shiran guez'
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering

No, that filters network 199.16.1.0-199.16.7.255 on the first ACL and
199.16.8.0-.255 on the second ACL - not just even networks.

Unless I misunderstood the requirement, that should cover it.

Edison Ortiz
Routing and Switching, CCIE # 17943

________________________________

From: Lora Ganeva [mailto:lganeva@mobiltel.bg]
Sent: Wednesday, December 19, 2007 9:53 AM
To: Edison Ortiz; shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering

This filters all even networks...

From: Edison Ortiz [mailto:edisonmortiz@gmail.com]
Sent: 19 December 2007, 16:43
To: Lora Ganeva; 'shiran guez'
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering

199.16.1.0 0.0.6.255
199.16.8.0 0.0.0.255

Edison Ortiz
Routing and Switching, CCIE # 17943

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Lora
Ganeva
Sent: Wednesday, December 19, 2007 8:44 AM
To: shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering

Hi all,

But 199.16.1.0 0.0.7.255??? This is actually 199.16.0.0 0.0.7.255 and the
zero subnet has to be filtered.

BR,

Lora

From: shiran guez [mailto:shiranp3@gmail.com]
Sent: 19 December 2007, 15:15
To: Lora Ganeva
Cc: ccielab@groupstudy.com
Subject: Re: rip networks filtering

My mistake, didn't see the range sign.

Subodh has given you the correct answer!

On Dec 19, 2007 2:11 PM, Lora Ganeva <lganeva@mobiltel.bg> wrote:

Hi experts,

I am experiencing some problems with the following task:

Two routers, let's say R1 and R2, are connected (media is not important,
let's say it is Ethernet)

R1 Eth1/0---------------150.1.1.0/24------------- Eth1/0 R2

R1:

Eth1/0
Ip add 150.1.1.1 255.255.255.0

R2:

Eth1/0
Ip add 150.1.1.2 255.255.255.0

Routers are running rip and R2 is advertising the following networks to
R1

199.16.0.0/24
199.16.1.0/24
199.16.2.0/24
199.16.3.0/24
199.16.4.0/24
199.16.5.0/24
199.16.6.0/24
199.16.7.0/24
199.16.8.0/24
199.16.10.0/24
199.16.11.0/24
199.16.12.0/24
199.16.13.0/24
199.16.14.0/24
199.16.15.0/24

The task requires by configuring only R1 (not interface level command)
to allow with an ACL with only 2 lines the following subnets:

199.16.1.0/24 - 199.16.8.0/24

I have thought a lot about all kinds of ACLs but I still haven't come to a
good solution.

Any help will be appreciated,

Thanks,

Lora
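
Added example, not written by any poster in this thread: a small Python model of wildcard-mask matching, run over the networks R2 advertises and the permit entries quoted in the messages above. It assumes the ACL is tested against each route's network address, as when a standard ACL is referenced by a distribute-list; all function and variable names are illustrative.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard test: a 0 bit must match, a 1 bit is 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # invert the wildcard to get the bits that matter
    return (a & care) == (b & care)

def permitted(acl, networks):
    """Networks hit by any permit entry; everything else falls to the implicit deny."""
    return [n for n in networks
            if any(wildcard_match(n, base, wc) for base, wc in acl)]

def third_octets(networks):
    """Reduce 199.16.N.0 to N so the results are easy to read."""
    return [int(n.split(".")[2]) for n in networks]

# The /24s R2 advertises in the original post (199.16.9.0 is not in that list).
ADVERTISED = [f"199.16.{n}.0" for n in
              (0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15)]

# Permit entries exactly as written in the thread (assumed: route's network
# address is what gets compared against each entry).
ACLS = {
    "199.16.1.0 0.0.6.255 + 199.16.8.0 0.0.0.255": [
        ("199.16.1.0", "0.0.6.255"), ("199.16.8.0", "0.0.0.255")],
    "199.16.0.0 0.0.7.0 + 199.16.8.0 0.0.0.0": [
        ("199.16.0.0", "0.0.7.0"), ("199.16.8.0", "0.0.0.0")],
    "199.16.0.0 0.0.7.255 (single line)": [("199.16.0.0", "0.0.7.255")],
}

if __name__ == "__main__":
    for label, acl in ACLS.items():
        print(f"{label:45} permits third octets "
              f"{third_octets(permitted(acl, ADVERTISED))}")
```
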

 


