OhComeOnKennyMayne 1 point

Mind answering his original question so I can break it down?

He asked.

If I want to allow and, but deny in one ACL, how should I do it?

Like what would the mask be?

the-packet-thrower 1 point

permit would be around the most efficient answer.

Basically 202 would work out to 11001010: the first nibble would match 192 and the other would match 10, and the rest can be eyeballed.

Though I should say again you'll never need to get this deep unless you're in a CCIE Security lab :)

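The wildcard trick above, worked through in code. This is an added example, not part of the thread: it emulates the IOS wildcard-mask rule (a 1 bit in the wildcard means "don't care", a 0 bit must match the ACE address) in Python, derives the single address/wildcard pair that covers a set of networks, and then counts and enumerates what else that one ACE lets through. The two networks used (192.168.1.0/24 and 10.1.1.0/24) are assumptions, since the original question's addresses are not on the page; the function names are mine.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def ace_matches(candidate, ace_addr, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard is 'don't care',
    a 0 bit must equal the corresponding bit of the ACE address."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(candidate) & care) == (_to_int(ace_addr) & care)


def single_ace_covering(networks):
    """Derive one address/wildcard pair that matches every network listed:
    set a wildcard bit wherever the networks differ from each other, plus
    every host bit of each prefix. Address bits under a wildcard 1 are
    zeroed, which is how IOS normalises an ACE anyway."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    base = int(nets[0].network_address)
    wildcard = 0
    for n in nets:
        wildcard |= int(n.network_address) ^ base
        wildcard |= int(n.hostmask)
    addr = base & ~wildcard & MASK32
    return (str(ipaddress.IPv4Address(addr)),
            str(ipaddress.IPv4Address(wildcard)))


def addresses_matched(wildcard):
    """Every 1 bit in the wildcard doubles the number of matched addresses."""
    return 1 << bin(_to_int(wildcard)).count("1")


def first_octets_matched(ace_addr, wildcard):
    """Enumerate the first octets the ACE accepts: the 'eyeball the rest'
    step, done by machine so nothing is missed."""
    a = _to_int(ace_addr) >> 24
    w = _to_int(wildcard) >> 24
    return [o for o in range(256) if (o & ~w & 0xFF) == (a & ~w & 0xFF)]


if __name__ == "__main__":
    # Assumed networks; the thread's real addresses are not on the page.
    wanted = ["192.168.1.0/24", "10.1.1.0/24"]
    addr, wc = single_ace_covering(wanted)
    print(f"permit ip {addr} {wc} any")
    intended = sum(ipaddress.IPv4Network(n).num_addresses for n in wanted)
    print(f"intended {intended} addresses, ACE actually matches "
          f"{addresses_matched(wc)}")
    print("first octets accepted:", first_octets_matched(addr, wc))
    for probe in ["192.168.1.5", "10.1.1.77", "64.0.1.9", "192.168.2.5"]:
        print(probe, ace_matches(probe, addr, wc))
```

With the assumed networks the single ACE comes out as permit ip 0.0.1.0 202.169.0.255 any: the first octet wildcard is 192 XOR 10 = 202, as the comment says. The cost is the part that gets eyeballed: the two /24s are 512 addresses, but a wildcard with sixteen 1 bits matches 65536, including 64.0.1.x, 2.0.1.x and a dozen other first octets nobody asked for. Two ACEs are the safe answer in production; the one-line version is a lab puzzle, not a least-privilege filter.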
OhComeOnKennyMayne 1 point

Ohhhh so you’re only matching on SUPER specific parts of the IP address (with an equivalent super specific wildcard mask)

Obv at the CCNA level it’s a lot more simple because you’re blocking bigger parts at or along classful boundaries.

I.e., /24 is a, /25 is a etc.


the-packet-thrower 0 points

Yup you got it!

Linklights 3 points

Assume it's all consumer grade broadband how worried would you be?

the-packet-thrower 2 points

If you're running an SD-WAN with residential connections then you've got other problems.

Also there is nothing stopping residential connections from blocking ports now; some block HTTP etc. to prevent residential hosting.

TronLightyear 1 point

But none block outgoing, and that's where the issues will arise: it's not the incoming connections but what you're browsing to that'll be the issue.

the-packet-thrower 1 point

Depends on the solution. If you're giving the end user a firewall that is trying to connect back to the main office, then your site-to-site VPN probably won't work too well if ESP is blocked inbound.

VA_Network_Nerd 239 points

However, I find it really ironic that r/Networking hasn't said anything about Net Neutrality.

Why? Isn't that something /r/politics should champion?

This is not in any way shape or form a technology discussion.
This is political meddling in something they don't understand.

The network doesn't care who pays for it.

I think it's up to us to clear out confusion or misleading information about what would happen were NN repealed.

Reality doesn't matter. That steaming pile of shit Ajit V. Pai is going to do whatever he is paid to do.
Just like the previously appointed steaming pile of shit. And the pile of shit before him.

Electing / Lobbying for or against or Impeaching political appointees is not a technology problem. It is a political problem.

/r/networking is a community of technologists. People of political power don't give a shit what technologists think or say. Just look at Global Warming. 3,000+ independent scientists have evidence that it's a real problem. But the power-players with the really big checkbooks say it isn't. So it isn't.

Maybe we could work together to develop a glowingly clear explanation of the issues within and surrounding net neutrality. Maybe we could kick it up to /r/bestof or something. Maybe it could gather a million upvotes, and 100x Gold.

So fecking what?

It's fantastically clear that the FCC doesn't care about community feedback. They openly manipulated their own voting & feedback website and declared it a "hack".

We the people are so completely fucked now that corporate entities are "people" for the purposes of campaign contributions.
People don't have power. Money has power, and corporations like Comcast simply have more money than us.

The only way this works is if we can get half a dozen Giants of Public Opinion to champion the cause.

You get Bill Gates, Bill Nye, Lady Gaga, Mark Zuckerberg, Taylor Swift and Kanye to stare into a camera and explain what Net Neutrality is, and how it will directly impact their Social Media operations and why the Comcast-proposed legislation is bad for the planet, and you can MAYBE overpower the evil of Comcast.

But 50 nerds yelling at each other here in /r/networking isn't going to accomplish shit.

Bill Gates: 41M Twitter Followers
Bill Nye: 5M @ Twitter
Lady Gaga: 74M
Zuck: 98M Facebook Followers
TSwizzle: 96M Twitter

the-packet-thrower 2 points


the-packet-thrower 1 point

Cisco has a fairly flexible regex for its pipe commands.

The next level up is Terminal shell which has basic Linux utils like grep and cut.

If you're on 16.6 then you can run a full RHEL shell, so you can do awk and sed and whatever else.

the-packet-thrower 2 points

On paper net neutrality is just doing the stuff we already do in the enterprise; we do pay the ISPs more for an MPLS connection that supports QoS etc. So a tiered internet isn't all that unheard of, though things like support and service calls will get more complicated in this model on the residential side.

That said, no one trusts their residential internet, so this will be seen as a pure money/power grab, especially with the media conflict of interest.

the-packet-thrower 1 point

Typically 3 years, but there is nothing stopping Cisco from updating the test if they feel like it.

That said, if you earn the CCENT then you're a CCENT and will just need to pass the other exam to be a CCNA if there is an update.

swatlord 1 point

If a candidate does a cert properly by getting the proper prerequisite experience, doing all the studying and labbing everything, then they will be a solid CCNP/CCIE/A+. Of course cheating and paper certs are a thing, which is why rigorous interviews are very important.

The thing is, the cert itself doesn't do any of this. That's what I'm saying (and you're agreeing): just having the cert means you can pass the test. It boils down to the soft process of interviewing to root out whether or not the candidate knows what they claim. The same can be discerned from another candidate who doesn't have a cert.

the-packet-thrower 1 point

It is the framework for studying and the assumed knowledge that I'm arguing for. It helps prevent what I call the "D-link tech" where they just know what they know in their current job.

For example, if you work in an EIGRP-only shop and only learned on the job then it is possible that you know nothing about OSPF. Also along those lines, NOC analysts are notorious for skipping over fundamentals in favour of knowing what commands can make the ticket go away. But if you had a CCNA in the same position then it is reasonable to assume that you would at least know the basics.

swatlord 1 point

The problem is most current certification tracks don't prove candidate knowledge, they prove candidate test ability. It's why you ban brain dumps here. If more certification tracks included at least a hands-on portion of the exam, this would be less of a gripe. You've said it yourself: memorization and brain dumps cheapen the value of certs.

But if you had a CCNA in the same position then it is reasonable to assume that you would at least know the basics.

If that's the case, why not skip the technical portion of the interview and move straight to "will they fit in the team"?

the-packet-thrower 1 point

Even hands-on certs can be dumped; it wouldn't be hard to buy the latest RHCE exam if you wanted to. Hell, even the CCDE was briefly leaked this year, and that exam is only issued several times a year to control the exam (though Cisco went full scorched earth after that).

I wouldn't be surprised if Cisco exams eventually use VIRL or such to replace sims, since it will let them make sims harder without much hassle. But certs should always test theory / fundamentals as well as lab stuff rather than just making the CCNA a smaller CCIE TShoot/Config lab.

