RE: ACL Question - Can you fix it? posted 12/08/2007
- Subject: RE: ACL Question - Can you fix it?
- From: "Darren Johnson" <dazza_johnson@xxxxxxxxxxx>
- Date: Sat, 8 Dec 2007 11:03:08 -0000
Sorry, Abo, but I think this is wrong. The ACL should only block (according
to original email):
Your ACL will also prevent all other hosts ending with an even number (which
is not required). For example, 192.168.15.2
Hope this makes sense?
we can use
permit ip 192.168.15.16 0.0.0.254 any --> to permit odd numbered Linux boxes
deny ip any any : to deny Windows machines --> not needed :)
From: Darren Johnson [mailto:dazza_johnson@xxxxxxxxxxx]
Sent: 08 December 2007 10:31
To: 'Darby Weaver'; 'ccielab@xxxxxxxxxxxxxx'; 'cisco@xxxxxxxxxxxxxx'
Subject: RE: ACL Question - Can you fix it?
Hey Darby, what better way to start the morning than with an ACL question?
I got it down to 3 :-(
Permit 192.168.15.16 0.0.0.0
Deny 192.168.15.16 0.0.0.14
The 192.168.15.16 prevents me from using this 2-liner:
Deny 192.168.15.16 0.0.0.14
Do you know the answer?
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Sent: 08 December 2007 00:53
To: ccielab@xxxxxxxxxxxxxx; cisco@xxxxxxxxxxxxxx
Subject: ACL Question - Can you fix it?
Assume that the 192.168.15.16/28 network has a
collection of Linux and Windows PCs on it. The
addressing scheme is such that the Linux PCs have the
and so on through to 192.168.15.29 (odds) while the
Windows PCs have the addresses
and so on through to 192.168.15.30 (even).
All the PCs connect to the core network via a router
on the same subnet.
One day all the Windows PCs get infected by a virus
and start sourcing large amounts of network traffic.
Your task is to create an access list to be used on
the router for the subnet which drops all network
traffic from the Windows PCs while allowing traffic
from the Linux PCs.
Can you create an ACL with just two access list
entries that will match traffic sourced from all the
Windows PCs and drop them while allowing all other
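Added example, not part of the thread and not any poster's code: a Python check of which source addresses the wildcard entries quoted in the messages above actually match, using Cisco wildcard semantics (a 1 bit in the wildcard is ignored, a 0 bit must equal the base address). The function and constant names are assumptions made for this illustration, and each entry carries only the action, source address and wildcard that appear in the posts.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style match: wildcard bits set to 1 are ignored,
    bits set to 0 must be equal in addr and base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, addr):
    """First matching entry wins; no match falls through to the
    implicit deny that ends every Cisco access list."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"

def matched_last_octets(entry, prefix="192.168.15."):
    """Last octets (0-255) under the prefix that the entry matches."""
    _, base, wildcard = entry
    return [n for n in range(256)
            if wildcard_match(f"{prefix}{n}", base, wildcard)]

# Entries as quoted in the thread (source part only).
ENTRY_254 = ("permit", "192.168.15.16", "0.0.0.254")
ENTRY_14 = ("deny", "192.168.15.16", "0.0.0.14")
ENTRY_HOST = ("permit", "192.168.15.16", "0.0.0.0")

if __name__ == "__main__":
    for entry in (ENTRY_254, ENTRY_14, ENTRY_HOST):
        print(entry, "->", matched_last_octets(entry))
    # Order matters: the host entry has to come before the wider one
    # for 192.168.15.16 to be treated differently from .18 to .30.
    ordered = [ENTRY_HOST, ENTRY_14]
    for host in ("192.168.15.16", "192.168.15.18", "192.168.15.30"):
        print(host, evaluate(ordered, host))
    print("192.168.15.16 with only the 0.0.0.14 entry:",
          evaluate([ENTRY_14], "192.168.15.16"))
```

Wildcard 0.0.0.14 leaves the upper four bits and the lowest bit of the last octet fixed, so that entry covers .16 through .30 in steps of two, while 0.0.0.254 fixes only the lowest bit and covers every even last octet, including 192.168.15.2.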