RES: Block RFC 1918 Addresses

From: Alexandre Oliveira (busa@uol.com.br)
Date: Tue Feb 17 2009 - 12:34:35 ARST

• Next message: Nauman Habib: "Re: Does virtual Link requires Authentication?"
• Previous message: Ravi Singh: "Re: 101101111110111 -->> I'm in the "Club""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I've found the same question in my studies. Some exercises inform that
RFC1918 should also include this:

deny 0.0.0.0/8 le 32
deny 10.0.0.0/8 le 32
deny 127.0.0.0/8 le 32
deny 169.254.0.0/16 le 32
deny 172.16.0.0/12 le 32
deny 192.0.2.0/24 le 32
deny 192.168.0.0/16 le 32
deny 224.0.0.0/3 le 32
permit 0.0.0.0/0 le 32

I mean, deny all "non-allowed" or private prefixes and then permit the rest.
Based on John's following e-mail, which group of address we must consider???

Thanks,

Alexandre.

-----Mensagem original-----
De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Em nome de John
Ciccone
Enviada em: terga-feira, 17 de fevereiro de 2009 11:12
Para: Cisco certification
Assunto: Block RFC 1918 Addresses

I recently took a vendors mock lab where the task asked block all RFC1918
adddress. So, I created an access-list and applied it to deny the
following:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

I've read RFC1918 from top to bottom, and the above addresses are the only
ones mentioned. However, upon checking my answers with the solutions, they
also included the following:

127.0.0.0/8
169.254.0.0/16

Now, while the above addresses are not valid internet addresses, they are
NOT RFC1918 addresses. If the question stated that I should block non valid
internet addresses, then I could see denying the two ip blocks above as
well. But even in that case, there are at least a half dozen more ipv4
blocks that are either not valid or not yet allocated for the internet.

My main question is this: If I get the same type of task on the actual lab,
what do I do? Will the questions be specific enough to leave no doubt
 as to what they are looking for (not only for this type of questions, but
any others as well)? If there are any doubt's about what they are looking
for, how helpful will the proctor be in clarifying?

I am scheduled to take the lab in 3 weeks, so any help would be greatly
appreciated.

Thanks.

John

Blogs and organic groups at http://www.ccie.net

• Next message: Nauman Habib: "Re: Does virtual Link requires Authentication?"
• Previous message: Ravi Singh: "Re: 101101111110111 -->> I'm in the "Club""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST