From: subodh.rawat@wipro.com
Date: Thu Dec 20 2007 - 11:06:00 ART
Hi Lora, Now I have labbed this up and really gave up in two line
statement.
However, same can be achieved with three lines:
Permit 199.16.0.0 0.0.0.0
Deny 199.16.0.0 0.0.7.255
Deny 199.16.8.0 0.0.0.0
Probably, I am not aware about this trick to make it in two lines.
One more thing, we need to add one more line at the end "permit any"
So, this is highly impossible to achive it in two lines considering we
have to add one line in the end to permit any.
Anybody has any clue?
~Subodh
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Lora Ganeva
Sent: Thursday, December 20, 2007 2:46 AM
To: Scott Vermillion; Edison Ortiz; shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
Hi Scott,
When i meant <our device> i was thinking about R1. I don't think that
the goal of this task is to write down some tricky ACL. That is actually
the reason why i have asked for help - i thought there was some more
clever solution than simple arithmetics. I was thinking of either
enabling RIP auto-summary or with the no ip subnet zero command...and of
course, putting some distribution list.
Unfortunately neither of the two solutions led to result - routes always
appeared in the routing table...
Rgrds,
Lora
________________________________
From: Scott Vermillion [mailto:scott_ccie_list@it-ag.com]
Sent: Wed 12/19/2007 7:41 PM
To: Lora Ganeva; 'Edison Ortiz'; 'shiran guez'
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
Perhaps you should quote the task word-for-word, as we seem to be having
difficulty tracking what you are trying to accomplish. I could have
swore that you said that the configuration was to be done on R1, which I
would think would qualify as "our device," but now I'm just totally
confused. As for your statement regarding route updates, naturally 'no
ip subnet-zero'
doesn't impact those *directly*. But sometimes you have to think about
what the task is really trying to get you to accomplish and then think
creatively to try to get to that place. If the task is about what ends
up in the route table, then your solution doesn't necessarily have to
deal directly with route updates. Looking at this strictly from a
binary perspective, I'm not sure how you can accomplish the task with a
two-line ACL. That's why it might be helpful for you to quote the task
directly...
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Lora Ganeva
Sent: Wednesday, December 19, 2007 9:10 AM
To: Edison Ortiz; shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
Hi,
Subnet zero work only when configuring our device. It does not change
the route updatesL
From: Edison Ortiz [mailto:edisonmortiz@gmail.com]
Sent: 19 '%'V'\'V'^'S'b'Z 2007 'T. 17:59
To: Lora Ganeva; 'shiran guez'
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
Yes, makes sense now. Always nice to lab-up this XOR ACLs J
From the top of my head, I don!/t see how can we make this in 2 lines
unless there is something in the requirement that we are missing.
As other suggested, ip subnet-zero may just do it along with
199.16.0.0 0.0.7.255
199.16.8.0 0.0.0.255
Edison Ortiz
Routing and Switching, CCIE # 17943
________________________________
From: Lora Ganeva [mailto:lganeva@mobiltel.bg]
Sent: Wednesday, December 19, 2007 10:39 AM
To: Edison Ortiz; shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
Hi,
See below:
199.16.1.0 ----199.16.00000001.0
Wildcard:
0.0.6.255 --($0.0.00000110.0 (0 (Cexact match, 1 (C don!/ care)!-so,
with
this wildcard mask you say that the last bit should be always zero..(no
even
subnets)
BR,
Lora
From: Edison Ortiz [mailto:edisonmortiz@gmail.com]
Sent: 19 '%'V'\'V'^'S'b'Z 2007 'T. 17:34
To: Lora Ganeva; 'shiran guez'
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
I!/m on the road. I!/ll try it when I get some time and equipment to
test on.
If someone else has any suggestion in the meantime, feel free to
contribute.
Edison Ortiz
Routing and Switching, CCIE # 17943
________________________________
From: Lora Ganeva [mailto:lganeva@mobiltel.bg]
Sent: Wednesday, December 19, 2007 10:12 AM
To: Edison Ortiz; shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
Hi, Just try it.
And you!/ll seeL
From: Edison Ortiz [mailto:edisonmortiz@gmail.com]
Sent: 19 '%'V'\'V'^'S'b'Z 2007 'T. 17:11
To: Lora Ganeva; 'shiran guez'
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
No, that filters network 199.16.1.0-199.16.7.255 on the first ACL and
199.16.8.0-.255 on the second ACL (C not just even networks.
Unless I misunderstood the requirement, that should cover it.
Edison Ortiz
Routing and Switching, CCIE # 17943
________________________________
From: Lora Ganeva [mailto:lganeva@mobiltel.bg]
Sent: Wednesday, December 19, 2007 9:53 AM
To: Edison Ortiz; shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
This filters all even networksL
From: Edison Ortiz [mailto:edisonmortiz@gmail.com]
Sent: 19 '%'V'\'V'^'S'b'Z 2007 'T. 16:43
To: Lora Ganeva; 'shiran guez'
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
199.16.1.0 0.0.6.255
199.16.8.0 0.0.0.255
Edison Ortiz
Routing and Switching, CCIE # 17943
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Lora Ganeva
Sent: Wednesday, December 19, 2007 8:44 AM
To: shiran guez
Cc: ccielab@groupstudy.com
Subject: RE: rip networks filtering
Hi all,
But 199.16.1.0 0.0.7.255??? this is actually 199.16.0.0 0.0.7.255 and
the zero
subnet has to be filtered.
BR,
Lora
From: shiran guez [mailto:shiranp3@gmail.com]
Sent: 19 dEKEMWRI 2007 G. 15:15
To: Lora Ganeva
Subject: Re: rip networks filtering
my mistake didnt saw the range sign
Subodh given you the correct answer!
On Dec 19, 2007 2:11 PM, Lora Ganeva <lganeva@mobiltel.bg> wrote:
Hi experts,
I am experiencing some problems with the following task:
Two routers , let's say R1 and R2 are connected (media is not important,
let's say it is Ethernet)
R1 Eth1/0---------------150.1.1.0/24------------- Eth1/0 R2
R1:
Eth1/0
Ip add 150.1.1.1 <http://150.1.1.1/> 255.255.255.0
<http://255.255.255.0/>
R2:
Eth1/0
Ip add 150.1.1.2 <http://150.1.1.2/> 255.255.255.0
<http://255.255.255.0/>
Routers are running rip and R2 is advertising the following networks to
R1
199.16.0.0/24
199.16.1.0/24
199.16.2.0/24
199.16.3.0/24
199.16.4.0/24
199.16.5.0/24
199.16.6.0/24
199.16.7.0/24
199.16.8.0/24
199.16.10.0/24
199.16.11.0/24
199.16.12.0/24
199.16.13.0/24
199.16.14.0/24
199.16.15.0/24
The task requires by configuring only R1 (not interface level command)
to allow with an ACL with only 2 lines the following subnets:
199.16.1.0/24 - 199.16.8.0/24
I have though a lot of any kind of ACLs but i still haven't come to a
good solution.
Any help will be appreciated,
Thanks,
Lora
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:31 ARST