Re: Block RFC 1918 Addresses

From: Rich Collins (nilsi2002@gmail.com)
Date: Tue Feb 17 2009 - 14:12:13 ARST


I've seen the RFC 3330 mentioned before in posts. Would someone know
the definitive access list for that one?

-Rich

On Tue, Feb 17, 2009 at 10:43 AM, Darby Weaver <ccie.weaver@gmail.com> wrote:
> If the question said RFC1918 -
>
> Then answer with RFC1918...
>
> If the test writer did know the difference and marked you wrong...
>
> Get the refund.
>
>
>
>
> On Tue, Feb 17, 2009 at 10:23 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>
>> John,
>>
>>
>>
>> What I said below is to bring clarification for the understanding of what
>> is/isn't included with the RFC.
>>
>>
>>
>> For the test it would purely be a matter of how the question is worded.
>> That would then become a time to request clarification from the proctor if
>> you are unsure. From my experience it is not typically throttled down into
>> only one way of accomplishing tasks so a lot is left to interpretation at
>> times.
>>
>>
>>
>> And it has always been said on netpro that unless a question says to not
>> have extra configuration, extra configuration is typically acceptable.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Tyson Scott - CCIE #13513 R&S and Security
>>
>> Technical Instructor - IPexpert, Inc.
>>
>>
>> Telephone: +1.810.326.1444
>> Fax: +1.810.454.0130
>> Mailto: tscott@ipexpert.com
>>
>>
>>
>>
>>
>>
>> From: John Ciccone [mailto:ccie.ciccone@gmail.com]
>> Sent: Tuesday, February 17, 2009 10:13 AM
>> To: Tyson Scott
>> Cc: Alexandre Oliveira; Cisco certification
>> Subject: Re: Block RFC 1918 Addresses
>>
>>
>>
>> Tyson,
>>
>>
>>
>> Thanks, you bring up a good point. If we include the other addresses just
>> to be safe, could that be marked as incorrect? And more importantly, how
>> are the proctors with regard to clarifying exactly what is required of a
>> task?
>>
>>
>>
>> John
>>
>> On Tue, Feb 17, 2009 at 9:58 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>>
>> The 3 addresses are the only ones that are part of RFC 1918. 0.0.0.0/8 is
>> part of RFC1700. 169.254.0.0/16 is part of RFC 3330 - Special-Use IPv4
>> Addresses. You will also find 127.0.0.0/8 in this RFC. 224.0.0.0/4 is RFC
>> 3171 but is included in 3330. Pray they only ask for RFC1918 as RFC 3330
>> includes a lot more ;) RFC 3330 is part of the Security exam now.
>>
>> Often people include other addresses when they ask for 1918 but technically
>> it is only the three. If a question didn't say to include nothing else then
>> it can't hurt throwing everything you can think of right ;O
>>
>> http://www.faqs.org/rfcs/rfc3330.html
>>
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S and Security
>>
>> Technical Instructor - IPexpert, Inc.
>>
>> Telephone: +1.810.326.1444
>>
>> Cell: +1.248.504.7309
>>
>> Fax: +1.810.454.0130
>>
>> Mailto: tscott@ipexpert.com
>>
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Alexandre Oliveira
>>
>> Sent: Tuesday, February 17, 2009 9:35 AM
>> To: 'Cisco certification'
>>
>> Subject: RES: Block RFC 1918 Addresses
>>
>> I've found the same question in my studies. Some exercises inform that
>> RFC1918 should also include this:
>>
>> deny 0.0.0.0/8 le 32
>> deny 10.0.0.0/8 le 32
>> deny 127.0.0.0/8 le 32
>> deny 169.254.0.0/16 le 32
>> deny 172.16.0.0/12 le 32
>> deny 192.0.2.0/24 le 32
>> deny 192.168.0.0/16 le 32
>> deny 224.0.0.0/3 le 32
>> permit 0.0.0.0/0 le 32
>>
>> I mean, deny all "non-allowed" or private prefixes and then permit the
>> rest. Based on John's following e-mail, which group of addresses must we
>> consider?
>>
>> Thanks,
>>
>> Alexandre.
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
>> Ciccone
>> Sent: Tuesday, February 17, 2009 11:12
>> To: Cisco certification
>> Subject: Block RFC 1918 Addresses
>>
>> I recently took a vendor's mock lab where the task asked to block all RFC1918
>> addresses. So, I created an access-list and applied it to deny the
>> following:
>>
>> 10.0.0.0/8
>> 172.16.0.0/12
>> 192.168.0.0/16
>>
>> I've read RFC1918 from top to bottom, and the above addresses are the only
>> ones mentioned. However, upon checking my answers with the solutions, they
>> also included the following:
>>
>> 127.0.0.0/8
>> 169.254.0.0/16
>>
>> Now, while the above addresses are not valid internet addresses, they are
>> NOT RFC1918 addresses. If the question stated that I should block non valid
>> internet addresses, then I could see denying the two ip blocks above as
>> well. But even in that case, there are at least a half dozen more ipv4
>> blocks that are either not valid or not yet allocated for the internet.
>>
>> My main question is this: If I get the same type of task on the actual lab,
>> what do I do? Will the questions be specific enough to leave no doubt
>> as to what they are looking for (not only for this type of questions, but
>> any others as well)? If there are any doubts about what they are looking
>> for, how helpful will the proctor be in clarifying?
>>
>> I am scheduled to take the lab in 3 weeks, so any help would be greatly
>> appreciated.
>>
>> Thanks.
>>
>> John
>>
>>
>> Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html




This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST
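
Added example (not written by any poster in this thread): a small Python model of first-match prefix-list evaluation with ge/le, run over the strict three-block RFC 1918 list and the longer list quoted in the thread, to show which routes the two treat differently. The sample routes are constructed, and the entries are written in the thread's shorthand rather than full IOS syntax.

```python
import ipaddress

# Strict reading: only the three RFC 1918 blocks, then permit the rest.
RFC1918 = ["deny 10.0.0.0/8 le 32", "deny 172.16.0.0/12 le 32",
           "deny 192.168.0.0/16 le 32", "permit 0.0.0.0/0 le 32"]

# The longer list quoted in the thread, copied as posted.
EXTENDED = ["deny 0.0.0.0/8 le 32", "deny 10.0.0.0/8 le 32",
            "deny 127.0.0.0/8 le 32", "deny 169.254.0.0/16 le 32",
            "deny 172.16.0.0/12 le 32", "deny 192.0.2.0/24 le 32",
            "deny 192.168.0.0/16 le 32", "deny 224.0.0.0/3 le 32",
            "permit 0.0.0.0/0 le 32"]

# Constructed sample routes; 198.51.100.0/24 stands in for an ordinary route.
SAMPLE = ["10.1.2.0/24", "172.20.0.0/16", "172.32.0.0/16", "169.254.10.0/24",
          "127.0.0.0/8", "224.0.1.0/24", "240.0.0.0/4", "198.51.100.0/24"]

def parse(entry):
    """Parse 'action prefix [ge N] [le N]' into (action, network, lo, hi)."""
    tok = entry.split()
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    # No ge/le: the route length must equal the entry's length exactly.
    # 'le N' alone: entry length..N.  'ge N' alone: N..32.
    lo = opts.get("ge", net.prefixlen)
    hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
    return action, net, lo, hi

def evaluate(plist, route):
    """First matching entry wins; a route matching nothing is denied."""
    r = ipaddress.ip_network(route)
    for entry in plist:
        action, net, lo, hi = parse(entry)
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action
    return "deny"  # implicit deny at the end of every prefix-list

def differing(routes):
    """Routes that the strict and extended lists treat differently."""
    return [r for r in routes if evaluate(RFC1918, r) != evaluate(EXTENDED, r)]

if __name__ == "__main__":
    for route in SAMPLE:
        print(f"{route:18} strict={evaluate(RFC1918, route):6} "
              f"extended={evaluate(EXTENDED, route)}")
```

Note that 224.0.0.0/3 in the quoted list spans both 224.0.0.0/4 and 240.0.0.0/4, so it denies more than the multicast block alone.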