GroupStudy.com - CCIE, CCNA, CCNP and other Cisco Certifications

Home

BookStore

StudyNotes

Links

[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Subject: RE: ACL Question - Can you fix it?
From: "Darren Johnson" <dazza_johnson@xxxxxxxxxxx>
Date: Sat, 8 Dec 2007 11:03:08 -0000
Content-language: en-gb
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=Received:X-YMail-OSG:From:To:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:Thread-Index:Content-Language; b=KfiYaQeTJkcf7RMV4EthccHWwV6z4yWPSbzXTqNK0B6wuVNsm8TWo705lpnSHuJdf3zz5CvkRg414ceApvR7IFcw3ynWcYt+0CKB2nGEPEoIw1pomIc99wLuBz5bv5eVTCb9pHYHDMF2iGwlF8WXzIDq3sb0yKsFciQNR09d5YA= ;
References: <5a700c670712071631x62c73fbbu3fb672206b9b56f3@mail.gmail.com> <986781.88315.qm@web56801.mail.re3.yahoo.com>
Thread-index: Acg5PWDONSJ5bzjWQh+rFk9FvqvVMwAR7HoQAAEdFIA=

Sorry, Abo but I think this is wrong. The ACL should only block (according
to original email):

192.168.15.18
192.168.15.20
192.168.15.22
192.168.15.24
192.168.15.26
192.168.15.28
192.168.15.30

Your ACL will also prevent all other hosts ending with an even number (which
is not required). For example, 192.168.15.2

Hope this makes sense?
Dazzler

____________________________________________________________________________
________


Hi Derby 
 
we can use 
 
 
permit ip 192.168.15.16 0.0.0.254 any --> to permit odd numbered Linux boxes

deny ip any any : to deny Windows machines --> not needed :) 

 
best regards
~Abo Zaid


-----Original Message-----
From: Darren Johnson [mailto:dazza_johnson@xxxxxxxxxxx] 
Sent: 08 December 2007 10:31
To: 'Darby Weaver'; 'ccielab@xxxxxxxxxxxxxx'; 'cisco@xxxxxxxxxxxxxx'
Subject: RE: ACL Question - Can you fix it?

Hey Darby, what better way to start the morning than with an ACL question
;-)

I got it down to 3 :-(

Permit 192.168.15.16 0.0.0.0
Deny 192.168.15.16 0.0.0.14
Perit any

The 192.168.15.16 prevents me from using this 2-liner:

Deny 192.168.15.16 0.0.0.14
Perit any

Do you know the answer?

Dazzler

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Darby Weaver
Sent: 08 December 2007 00:53
To: ccielab@xxxxxxxxxxxxxx; cisco@xxxxxxxxxxxxxx
Subject: ACL Question - Can you fix it?

Access Lists. 

Assume that the 192.168.15.16/28 network has a
collection of Linux and Windows PCs on it. The
addressing scheme is such that the Linux PCs have the
addresses

192.168.15.17
192.168.15.19
192.168.15.21

and so on through to 192.168.15.29 (odds) while the
Windows PCs have the addresses

192.168.15.18
192.168.15.20
192.168.15.22

and so on through to 192.168.15.30 (even).

All the PCs connect to the core network via a router
on the same subnet.

One day all the Windows PCs get infected by a virus
and start sourcing large amounts of network traffic.
Your task is to create an access list to be used on
the router for the subnet which drops all network
traffic from the Windows PCs while allowing traffic
from the Linux PCs.

Can you create an ACL with just two access list
entries that will match traffic sourced from all the
Windows PCs and drop them while allowing all other
traffic?

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html


	
	
		
___________________________________________________________ 
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com

References:
- ACL Question - Can you fix it?
  - From: Darby Weaver

Prev by Date: RE: ospf intra are route filtering
Next by Date: Re: VOICE ie: 2801 router CME image
Previous by thread: RE: ACL Question - Can you fix it?
Next by thread: IE WB 4.1 Lab 20 Task 1.2
Index(es):
- Date
- Thread