Question on Cisco reverse Subnets

Discussion in 'Cisco' started by James Roper, Dec 16, 2003.

  1. James Roper

    James Roper Guest

    I hear it is a good idea to block incoming traffic with an IP address you
    are using in the inside.

    Acess-Rule 101 deny ip my.class.c.0 0.0.255 0.0.0.0 255.255.255.255

    But lets say I don't have a class C. Lets say I have a subnet
    64.125.217.120
    255.255.255.248

    What would the inverse subnet mask be?

    My Guess - can someone confirm
    00000000.00000000.00000000.00000111
    0.0.0.7 ?

    is this right?

    James Roper
     
    James Roper, Dec 16, 2003
    #1
    1. Advertising

  2. In article <6HKDb.31$>,
    James Roper <> wrote:
    :I hear it is a good idea to block incoming traffic with an IP address you
    :are using in the inside.

    :Acess-Rule 101 deny ip my.class.c.0 0.0.255 0.0.0.0 255.255.255.255

    You would usually use

    access-list 101 deny ip my.class.c.0 0.0.0.255 any


    :But lets say I don't have a class C. Lets say I have a subnet
    :64.125.217.120
    :255.255.255.248

    :What would the inverse subnet mask be?

    :My Guess - can someone confirm
    :00000000.00000000.00000000.00000111
    :0.0.0.7 ?

    :is this right?

    Yes. The wildcard mask XOR'd with the netmask should result in
    255.255.255.255.
    --
    Beware of bugs in the above code; I have only proved it correct,
    not tried it. -- Donald Knuth
     
    Walter Roberson, Dec 16, 2003
    #2
    1. Advertising

  3. James Roper

    James Roper Guest

    Looks like that worked. thanks

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:brnvu8$8lg$...
    > In article <6HKDb.31$>,
    > James Roper <> wrote:
    > :I hear it is a good idea to block incoming traffic with an IP address you
    > :are using in the inside.
    >
    > :Acess-Rule 101 deny ip my.class.c.0 0.0.255 0.0.0.0 255.255.255.255
    >
    > You would usually use
    >
    > access-list 101 deny ip my.class.c.0 0.0.0.255 any
    >
    >
    > :But lets say I don't have a class C. Lets say I have a subnet
    > :64.125.217.120
    > :255.255.255.248
    >
    > :What would the inverse subnet mask be?
    >
    > :My Guess - can someone confirm
    > :00000000.00000000.00000000.00000111
    > :0.0.0.7 ?
    >
    > :is this right?
    >
    > Yes. The wildcard mask XOR'd with the netmask should result in
    > 255.255.255.255.
    > --
    > Beware of bugs in the above code; I have only proved it correct,
    > not tried it. -- Donald Knuth
     
    James Roper, Dec 16, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A. Andrews

    cisco/DNP/SCADA and reverse telnet

    A. Andrews, Jan 8, 2004, in forum: Cisco
    Replies:
    0
    Views:
    651
    A. Andrews
    Jan 8, 2004
  2. A. Andrews

    Cisco reverse Telnet problem

    A. Andrews, Jan 15, 2004, in forum: Cisco
    Replies:
    4
    Views:
    4,650
    Hansang Bae
    Jan 21, 2004
  3. Toby

    Cisco 2522 reverse telnet

    Toby, Apr 21, 2004, in forum: Cisco
    Replies:
    2
    Views:
    1,924
  4. zii kell
    Replies:
    6
    Views:
    947
    zii kell
    Jun 12, 2007
  5. Replies:
    4
    Views:
    1,489
    Trendkill
    Aug 29, 2008
Loading...

Share This Page