Hi Peter,

The wildcard mask basically prevents anyone from spoofing both of R2's "WAN"
addresses: 24.2 and 26.2. Using 0.0.2.0, you can get these both in one line.
Also, R5 is included in the top line of the ACL; notice the mask 0.0.0.4.
With the network of .1, the mask matches .1 and .5.

That being said, uRPF would probably be a cleaner solution and probably what
I would have done as well :)

On Thu, Dec 10, 2009 at 7:59 AM, FUCHS Peter <[email protected]> wrote:

>  Hi
> I would need a helping hand to understand the following:
>
> Task: Configure R2 within AS1 to deny any traffic arriving from outside
> AS1, but with a source IP address located within AS1
> My solution would have been to solve this via RPF strict mode as we have no
> asymmetric path here.
>
> But:
> The proctor guide solves this with an access-list which is in my opinion
> incomplete (loo 0 of R5 and /30 link to AS2 is missing)
> Furthermore I don't understand the wildcard mask for the network
> 150.50.24.0/30 which is in the guide 150.50.24.2 0.0.2.0 ?
> Is this a typo or am I missing something here? For me the wildcard-mask
> should be 150.50.24.2 0.0.0.0 as 0.0.0.3 would block also the ebgp source
> address from AS3.
>
>
> thanks for any help
> best regards
> peter
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>


-- 
Bryan Bartik
CCIE #23707 (R&S, SP), CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
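
The wildcard arithmetic discussed in this thread, as an added example that is not part of the original messages or the proctor guide. It expands an ACL address/wildcard pair into the addresses it matches, including non-contiguous masks such as 0.0.2.0. The 192.0.2.1 base used for the 0.0.0.4 case is a constructed placeholder (the thread gives only the last octet), and the function names are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """ACL semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(addr) & care) == (_to_int(base) & care)

def expand(base, wildcard, limit=256):
    """List every address matched by base/wildcard, in ascending order.

    Works for non-contiguous wildcards, which cannot be written as a prefix.
    """
    w = _to_int(wildcard)
    free_bits = [i for i in range(32) if (w >> i) & 1]
    if (1 << len(free_bits)) > limit:
        raise ValueError("too many matches to enumerate")
    fixed = _to_int(base) & ~w & MASK32
    matches = []
    for n in range(1 << len(free_bits)):
        value = fixed
        for k, bit in enumerate(free_bits):
            if (n >> k) & 1:
                value |= 1 << bit
        matches.append(str(ipaddress.IPv4Address(value)))
    return matches

if __name__ == "__main__":
    # Entry from the guide: one line covers both of R2's WAN addresses.
    print(expand("150.50.24.2", "0.0.2.0"))
    # Host entry proposed in the question: exactly one address.
    print(expand("150.50.24.2", "0.0.0.0"))
    # 0.0.0.3 would cover the whole /30, i.e. both ends of the link.
    print(expand("150.50.24.2", "0.0.0.3"))
    # Constructed placeholder base: mask 0.0.0.4 pairs .1 with .5.
    print(expand("192.0.2.1", "0.0.0.4"))
```
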