Re: Block RFC 1918 Addresses

From: Darby Weaver (ccie.weaver@gmail.com)
Date: Tue Feb 17 2009 - 13:43:18 ARST

If the question said RFC1918 -

Then answer with RFC1918...

If the test writer did know the difference and marked you wrong...

Get the refund.

On Tue, Feb 17, 2009 at 10:23 AM, Tyson Scott <tscott@ipexpert.com> wrote:

> John,
>
>
>
> What I said below is to bring clarification for the understanding of what
> is/isn't included with the RFC.
>
>
>
> For the test it would purely be a matter of how the question is worded.
> That would then become a time to request clarification from the proctor if
> you are unsure. From my experience it is not typically throttled down into
> only one way of accomplishing tasks so a lot is left to interpretation at
> times.
>
>
>
> And it has always been said on netpro that unless a question says to not
> have extra configuration extra configuration is typically acceptable.
>
>
>
> Regards,
>
>
>
> Tyson Scott - CCIE #13513 R&S and Security
>
> Technical Instructor - IPexpert, Inc.
>
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: tscott@ipexpert.com
>
>
>
>
>
>
> From: John Ciccone [mailto:ccie.ciccone@gmail.com]
> Sent: Tuesday, February 17, 2009 10:13 AM
> To: Tyson Scott
> Cc: Alexandre Oliveira; Cisco certification
> Subject: Re: Block RFC 1918 Addresses
>
>
>
> Tyson,
>
>
>
> Thanks, you bring up a good point. If we include the other addresses just
> to be safe, could that be marked as incorrect? And more importantly, how
> are the proctors with regard to clarifying exactly what is required of a
> task?
>
>
>
> John
>
> On Tue, Feb 17, 2009 at 9:58 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>
> The 3 addresses are the only ones that are part of RFC 1918. 0.0.0.0/8 is
> part of RFC1700. 169.254.0.0/16 is part of RFC 3330 - Special-Use IPv4
> Addresses. You will also find 127.0.0.0/8 in this RFC. 224.0.0.0/4 is
> RFC
> 3171 but is included in 3330. Pray they only ask for RFC1918 as RFC 3330
> includes a lot more ;) RFC 3330 is part of the Security exam now.
>
> Often people include other addresses when they ask for 1918 but technically
> it is only the three. If a question didn't say to include nothing else
> than
> it can't hurt throwing everything you can think of right ;O
>
> http://www.faqs.org/rfcs/rfc3330.html
>
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S and Security
>
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
>
> Cell: +1.248.504.7309
>
> Fax: +1.810.454.0130
>
> Mailto: tscott@ipexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Alexandre Oliveira
>
> Sent: Tuesday, February 17, 2009 9:35 AM
> To: 'Cisco certification'
>
> Subject: RES: Block RFC 1918 Addresses
>
> I've found the same question in my studies. Some exercises inform that
> RFC1918 should also include this:
>
> deny 0.0.0.0/8 le 32
> deny 10.0.0.0/8 le 32
> deny 127.0.0.0/8 le 32
> deny 169.254.0.0/16 le 32
> deny 172.16.0.0/12 le 32
> deny 192.0.2.0/24 le 32
> deny 192.168.0.0/16 le 32
> deny 224.0.0.0/3 le 32
> permit 0.0.0.0/0 le 32
>
> I mean, deny all "non-allowed" or private prefixes and then permit the
> rest.
> Based on John's following e-mail, which group of address we must
> consider???
>
> Thanks,
>
> Alexandre.
>
>
> -----Mensagem original-----
> De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Em nome de John
> Ciccone
> Enviada em: terga-feira, 17 de fevereiro de 2009 11:12
> Para: Cisco certification
> Assunto: Block RFC 1918 Addresses
>
> I recently took a vendors mock lab where the task asked block all RFC1918
> adddress. So, I created an access-list and applied it to deny the
> following:
>
> 10.0.0.0/8
> 172.16.0.0/12
> 192.168.0.0/16
>
> I've read RFC1918 from top to bottom, and the above addresses are the only
> ones mentioned. However, upon checking my answers with the solutions, they
> also included the following:
>
> 127.0.0.0/8
> 169.254.0.0/16
>
> Now, while the above addresses are not valid internet addresses, they are
> NOT RFC1918 addresses. If the question stated that I should block non
> valid
> internet addresses, then I could see denying the two ip blocks above as
> well. But even in that case, there are at least a half dozen more ipv4
> blocks that are either not valid or not yet allocated for the internet.
>
> My main question is this: If I get the same type of task on the actual lab,
> what do I do? Will the questions be specific enough to leave no doubt
> as to what they are looking for (not only for this type of questions, but
> any others as well)? If there are any doubt's about what they are looking
> for, how helpful will the proctor be in clarifying?
>
> I am scheduled to take the lab in 3 weeks, so any help would be greatly
> appreciated.
>
> Thanks.
>
> John
>
>
> Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST