From: Tyson Scott (tscott@ipexpert.com)
Date: Tue Feb 17 2009 - 13:23:17 ARST
John,
What I said below is to bring clarification for the understanding of what
is/isn't included with the RFC.
For the test it would purely be a matter of how the question is worded.
That would then become a time to request clarification from the proctor if
you are unsure. From my experience it is not typically throttled down into
only one way of accomplishing tasks so a lot is left to interpretation at
times.
And it has always been said on netpro that unless a question says to not
have extra configuration extra configuration is typically acceptable.
Regards,
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: tscott@ipexpert.com
From: John Ciccone [mailto:ccie.ciccone@gmail.com]
Sent: Tuesday, February 17, 2009 10:13 AM
To: Tyson Scott
Cc: Alexandre Oliveira; Cisco certification
Subject: Re: Block RFC 1918 Addresses
Tyson,
Thanks, you bring up a good point. If we include the other addresses just
to be safe, could that be marked as incorrect? And more importantly, how
are the proctors with regard to clarifying exactly what is required of a
task?
John
On Tue, Feb 17, 2009 at 9:58 AM, Tyson Scott <tscott@ipexpert.com> wrote:
The 3 addresses are the only ones that are part of RFC 1918. 0.0.0.0/8 is
part of RFC1700. 169.254.0.0/16 is part of RFC 3330 - Special-Use IPv4
Addresses. You will also find 127.0.0.0/8 in this RFC. 224.0.0.0/4 is RFC
3171 but is included in 3330. Pray they only ask for RFC1918 as RFC 3330
includes a lot more ;) RFC 3330 is part of the Security exam now.
Often people include other addresses when they ask for 1918 but technically
it is only the three. If a question didn't say to include nothing else than
it can't hurt throwing everything you can think of right ;O
http://www.faqs.org/rfcs/rfc3330.html
Regards,
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Cell: +1.248.504.7309
Fax: +1.810.454.0130
Mailto: tscott@ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Alexandre Oliveira
Sent: Tuesday, February 17, 2009 9:35 AM
To: 'Cisco certification'
Subject: RES: Block RFC 1918 Addresses
I've found the same question in my studies. Some exercises inform that
RFC1918 should also include this:
deny 0.0.0.0/8 le 32
deny 10.0.0.0/8 le 32
deny 127.0.0.0/8 le 32
deny 169.254.0.0/16 le 32
deny 172.16.0.0/12 le 32
deny 192.0.2.0/24 le 32
deny 192.168.0.0/16 le 32
deny 224.0.0.0/3 le 32
permit 0.0.0.0/0 le 32
I mean, deny all "non-allowed" or private prefixes and then permit the rest.
Based on John's following e-mail, which group of address we must consider???
Thanks,
Alexandre.
-----Mensagem original-----
De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Em nome de John
Ciccone
Enviada em: terga-feira, 17 de fevereiro de 2009 11:12
Para: Cisco certification
Assunto: Block RFC 1918 Addresses
I recently took a vendors mock lab where the task asked block all RFC1918
adddress. So, I created an access-list and applied it to deny the
following:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
I've read RFC1918 from top to bottom, and the above addresses are the only
ones mentioned. However, upon checking my answers with the solutions, they
also included the following:
127.0.0.0/8
169.254.0.0/16
Now, while the above addresses are not valid internet addresses, they are
NOT RFC1918 addresses. If the question stated that I should block non valid
internet addresses, then I could see denying the two ip blocks above as
well. But even in that case, there are at least a half dozen more ipv4
blocks that are either not valid or not yet allocated for the internet.
My main question is this: If I get the same type of task on the actual lab,
what do I do? Will the questions be specific enough to leave no doubt
as to what they are looking for (not only for this type of questions, but
any others as well)? If there are any doubt's about what they are looking
for, how helpful will the proctor be in clarifying?
I am scheduled to take the lab in 3 weeks, so any help would be greatly
appreciated.
Thanks.
John
Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST