From: Pickell, Aaryn (Aaryn.Pickell@xxxxxxxxxxxxx)
Date: Fri Apr 06 2001 - 13:58:56 GMT-3
To permit every other host, you would simply set the final bit of the mask
to 0.
So, assuming that you want to permit all odd hosts in the 10.1.1.0 / 24
range, you would use:
access-list 1 permit 10.1.1.1 0.0.0.254
If you wanted to permit all even hosts, use:
access-list 1 permit 10.1.1.0 0.0.0.254
Just think about what the mask means: ignore these bit positions if there is
a 1. So, by putting a 0 in the final bit position, you force the acl to
match on that bit. If the address you use (10.1.1.1) ends in a 1, then only
addresses which end in a 1 will be permitted (those ending in a 0 will not
be permitted). The second line has an address which ends in a 0, so only
addresses which end in a 0 will be permitted, while those ending in a 1 will
not be permitted.
According to RFC, it is illegal to use a mask to address an interface which
has discontiguous 1s or 0s. (It must be in the form of 11110000, where all
the 1s are adjacent and all the 0s are adjacent.) But, it specifies that
for filters, you can use discontiguous bits in the mask, since this is just
used as a mathematical model. (See RFC 1812 for specifics.)
You can use this kind of thing to permit every fourth subnet. So, if you
wanted to permit 192.168.1.0, 192.168.5.0, 192.168.9.0, etc., just have a 0
in the correct bit positions (left two), and it will match them. --->
0.0.252.255 = 00000000.00000000.11111100.11111111
So, I would guess that if you see a pattern to the networks you're supposed
to permit or deny, you might be able to combine several lines into one by
using this kind of masking system. Every other one... every fourth one...
two on two off (two lines of every fourth one each)... etc.
Aaryn Pickell - CCNP, CCDP, MCSE
Senior Engineer - Routing Protocols
Getronics Inc.
Direct: 713-394-1609
Email: aaryn.pickell@getronics.com
> -----Original Message-----
> From: Matt Harrison [mailto:m.harrison@wcom.com]
> Sent: Thursday, April 05, 2001 8:05 PM
> To: ccielab@groupstudy.com
> Subject: Odd/Even access-lists
>
>
> I have found some info on this where you could allow odd/even host
> addresses as well as networks, utilizing access-lists, but I have not
> found anything that is all that clear.
>
> I have never seen anything like this but I can imagine it showing up
> in a lab.
> Does anyone have any perspective or any clear explanation of this?
>
> A good link would not hurt.
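
Added example (not part of the original thread): a Python version of the wildcard-mask matching rule described in the reply, plus a helper that folds a list of addresses into a single entry and reports anything the combined entry would match beyond what was listed. The function names acl_matches and combine are hypothetical; the sample addresses are the ones used in the message.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def acl_matches(addr, base, wildcard):
    """True when addr equals base in every bit where the wildcard has a 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care == 0

def combine(addresses):
    """Fold addresses into one (base, wildcard) pair.

    Returns (base, wildcard, extra); extra lists addresses the combined
    entry matches that were not in the input, i.e. the over-permit.
    """
    values = [to_int(a) for a in addresses]
    base, wild = values[0], 0
    for v in values[1:]:
        wild |= base ^ v              # any differing bit becomes "ignore"
    base &= ~wild & 0xFFFFFFFF        # clear ignored bits in the base
    bits = [1 << i for i in range(32) if (wild >> i) & 1]
    if len(bits) > 16:
        raise ValueError("too many wildcard bits to enumerate")
    matched = {base}
    for b in bits:                    # fill every combination of ignored bits
        matched |= {m | b for m in matched}
    extra = sorted(matched - set(values))
    return to_dotted(base), to_dotted(wild), [to_dotted(e) for e in extra]

if __name__ == "__main__":
    # Odd hosts in 10.1.1.0/24: access-list 1 permit 10.1.1.1 0.0.0.254
    for host in ("10.1.1.7", "10.1.1.8"):
        print(host, acl_matches(host, "10.1.1.1", "0.0.0.254"))
    # Every fourth subnet: base 192.168.1.0, mask 0.0.252.255
    for net in ("192.168.5.0", "192.168.2.0"):
        print(net, acl_matches(net, "192.168.1.0", "0.0.252.255"))
    # Three listed networks collapse to one entry that also matches a fourth
    print(combine(["192.168.1.0", "192.168.5.0", "192.168.9.0"]))
```

A non-empty third element from combine means the single line permits more than the separate lines did, so the extra addresses need reviewing before the lines are merged.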