Lab2-sec 4.10

Sec 4.10 in Lab2 talks about even subnet filtering.
Can odd subnet filtering be achieved?
If so, how?

-meghan

Comments

  • Meghan,

    Filtering with an ACL is just binary math. If we have a network of 172.16.0.0/16, and we have 256 /24 subnets, the following would permit only the odd subnets:

    access-list 1 permit 172.16.1.0 0.0.254.255

    A "1" bit in the wild-card mask means we don't care what that bit is in the subnet address (or host address) we are matching. A "0" bit in the wild-card mask means we _do_ care what that bit is - that bit needs to match the bit in our pattern: 172.16.1.0.

    The third octet of the pattern and mask can be represented in binary:

    00000001
    11111110

    And the addresses matched will be:

    xxxxxxx1

    where "x" means "don't care" and "1" means that bit must be 1, which will make the subnet an odd number.

    This ACL would match 172.16.1.0/24, but would not match 172.16.2.0/24.

    Darrell
  • Thanks Darrell.

    Your theory is extended to apply to any major network.
    An access-list as below permits only odd-numbered subnets in the 3rd octet.
    access-list 5 permit 0.0.1.0 255.255.254.255

    Thanks,
    Meghan.
  • I had an even rack (book solution doesn't work if you have an even rack in the second octet), so I had to work out the problem based on filtering out the routes with an even second octet ADVERTISED by BB3.

    So what was advertised by BB3?

    Rack18SW1#sh ip route rip | i 254
    R 31.3.0.0 [120/1] via 204.12.18.254, 00:00:09, Vlan783
    R 31.2.0.0 [120/1] via 204.12.18.254, 00:00:09, Vlan783
    R 31.1.0.0 [120/1] via 204.12.18.254, 00:00:09, Vlan783
    R 31.0.0.0 [120/1] via 204.12.18.254, 00:00:09, Vlan783
    R 30.2.0.0 [120/1] via 204.12.18.254, 00:00:09, Vlan783
    R 30.3.0.0 [120/1] via 204.12.18.254, 00:00:09, Vlan783
    R 30.0.0.0 [120/1] via 204.12.18.254, 00:00:09, Vlan783
    R 30.1.0.0 [120/1] via 204.12.18.254, 00:00:09, Vlan783

    Since the first octet is either 30 or 31, the ACL that I used was:

    access-list 8 permit 30.0.0.0 1.254.255.255

    OCTET 1 30: 0001 1110
    OCTET 1 31: 0001 1111
    OCTET 1 MASK: 0000 0001

    OCTET 2 ODD: 0000 0001
    OCTET 2 MASK: 1111 1110 (254)

    Result:

    Rack18SW1#sh ip route rip | i 254
    R 31.3.0.0 [120/1] via 204.12.18.254, 00:00:25, Vlan783
    R 31.1.0.0 [120/1] via 204.12.18.254, 00:00:25, Vlan783
    R 30.3.0.0 [120/1] via 204.12.18.254, 00:00:25, Vlan783
    R 30.1.0.0 [120/1] via 204.12.18.254, 00:00:25, Vlan783
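
An added example (not code from the thread or the lab workbook): a small Python model of standard-ACL wildcard matching, run over the three access-list entries quoted above and the eight prefixes from the first `sh ip route rip` output. The function names and the `SAMPLE` prefixes are constructed for illustration; how an entry is then applied to routing updates on the router is not modelled.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, pattern, wildcard):
    """Compare only the bits where the wildcard mask is 0 (the "care" bits)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(pattern) & care)

def parse_entry(line):
    """Split 'access-list N permit|deny PATTERN WILDCARD' into its fields."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry with a wildcard: {line!r}")
    return parts[2], parts[3], parts[4]

def matched(entry, prefixes):
    """Network addresses from `prefixes` that this single ACL entry matches."""
    _action, pattern, wildcard = parse_entry(entry)
    return [p for p in prefixes if wildcard_match(p, pattern, wildcard)]

def bit_view(entry):
    """Per-octet bit pattern: 'x' = don't care, 0/1 = bit that must match."""
    _action, pattern, wildcard = parse_entry(entry)
    p, w = to_int(pattern), to_int(wildcard)
    bits = "".join("x" if (w >> i) & 1 else str((p >> i) & 1)
                   for i in range(31, -1, -1))
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))

# ACL entries quoted from the thread
ACL_1 = "access-list 1 permit 172.16.1.0 0.0.254.255"
ACL_5 = "access-list 5 permit 0.0.1.0 255.255.254.255"
ACL_8 = "access-list 8 permit 30.0.0.0 1.254.255.255"

# Prefixes advertised by BB3, in the order of the first show output
BB3_ROUTES = ["31.3.0.0", "31.2.0.0", "31.1.0.0", "31.0.0.0",
              "30.2.0.0", "30.3.0.0", "30.0.0.0", "30.1.0.0"]
# Constructed sample prefixes, not from the thread
SAMPLE = ["172.16.1.0", "172.16.2.0", "172.16.255.0", "10.9.7.0", "10.9.8.0"]

if __name__ == "__main__":
    for entry, prefixes in ((ACL_1, SAMPLE), (ACL_5, SAMPLE), (ACL_8, BB3_ROUTES)):
        print(entry)
        print("  bits   :", bit_view(entry))
        print("  matches:", matched(entry, prefixes))
```

For `access-list 8` the matched prefixes are 31.2.0.0, 31.0.0.0, 30.2.0.0 and 30.0.0.0, the four that are absent from the second output.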