RE: ACL Mask Sanity Check

From: Mas Kato (loomis_towcar@xxxxxxxxxxxxxx)
Date: Sat Mar 30 2002 - 20:15:50 GMT-3


   
John,

Stop beating yourself up. Your logic in this paragraph says it all:

"I use .126 because we want to match on 129, which in binary is
10000001. Invert this and it becomes 01111110, meaning we want
exact matches of 1 on the first and last bits and we don't care
about what's in the middle."

At this point, there is no need to even check the published solution. Your
answer is air-tight and you know it's correct. As far as this particular
subject is concerned, you're ready.

Regards,

Mas Kato
https://ecardfile.com/id/mkato

>Date: Fri, 29 Mar 2002 00:39:29 -0500
> ccielab@groupstudy.com John Neiberger <neiby@ureach.com> ACL Mask Sanity Check
>Reply-To: John Neiberger <neiby@ureach.com>
>
>A lab that I'm working on asks me to create the following
>access list:
>
>"Allow IP traffic from odd-numbered hosts on the
>172.16.80.128/25 network."
>
>My reasoning is this: since we want to match odd-numbered
>hosts the access-list should contain the first odd-numbered
>host and then the proper inverse mask:
>
>access-list 100 permit ip 172.16.80.129 0.0.0.126 any
>
>I use .126 because we want to match on 129, which in binary is
>10000001. Invert this and it becomes 01111110, meaning we want
>exact matches of 1 on the first and last bits and we don't care
>about what's in the middle.
>
>Now, the solution for the scenario has the following:
>
>access-list 100 permit ip 172.16.80.129 0.0.0.129 any
>
>I think they're accidentally using a non-inverted mask, but I
>wanted to run this past you guys just as a sanity check. I'm
>getting punch-drunk from studying so much lately.
>
>I *hate* this type of access list question. Who in their right
>mind would ever do something this stupid?? :-) "If you're an
>even-numbered host, we don't trust you, but if you're an odd-
>numbered host we'll let you go anywhere!"
>
>Thanks,
>John
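
Added example, not part of the original thread: a Python check of the two access-list entries discussed above, listing which last-octet values in 172.16.80.0/24 each wildcard mask matches. The function names are illustrative, and the match rule assumed is the standard Cisco wildcard semantics (a 0 bit must match the base address, a 1 bit is ignored).

```python
import ipaddress

def acl_matches(addr: str, base: str, wildcard: str) -> bool:
    """Cisco-style wildcard match.

    A 0 bit in the wildcard means "this bit must equal the base address";
    a 1 bit means "don't care".
    """
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return (a ^ b) & care == 0      # no differing bit among the cared-for ones

def matched_last_octets(base: str, wildcard: str, prefix: str = "172.16.80."):
    """Return every last-octet value 0..255 under `prefix` that the entry matches."""
    return [h for h in range(256) if acl_matches(f"{prefix}{h}", base, wildcard)]

def summarize(base: str, wildcard: str) -> str:
    hosts = matched_last_octets(base, wildcard)
    w_octet = int(wildcard.split(".")[-1])
    # Addresses outside 172.16.80.128/25 or with an even last octet are
    # ones the lab requirement did not intend to permit.
    unintended = [h for h in hosts if h < 128 or h % 2 == 0]
    return (f"{base} {wildcard} (last octet mask {w_octet:08b}): "
            f"{len(hosts)} addresses, unintended: {unintended}")

if __name__ == "__main__":
    # The two entries from the thread.
    print(summarize("172.16.80.129", "0.0.0.126"))
    print(summarize("172.16.80.129", "0.0.0.129"))
    # Note: .126 also matches .255, the broadcast address of the /25,
    # since its last octet has both the high bit and the low bit set.
```

With wildcard 0.0.0.129 the high and low bits become don't-care and the six middle bits are pinned to zero, so that entry matches only four addresses, two of them outside the /25.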


