From: Foster, Kristopher (KFoster@xxxxxxxxxxxxxxxxxxxx)
Date: Sat Apr 21 2001 - 19:02:40 GMT-3
I'll answer your two questions in reverse order; it will make more sense.
With wildcard masking we are counting _only_ the bits that can be either 1
or 0. So in my example below we are adding bits 1, 2 and 7 which gives us
67. The way a wildcard mask works is the complete opposite of a subnet
mask: a 1 bit in the mask means 'can be either 1 or 0' and a 0 bit in the
mask means 'must be exactly as stated'. Hopefully that wasn't more
confusing.
I've heard of people doing some simple math to invert a subnet mask to make
it a wildcard mask. Using your example of 255.255.192.0:
255 - 192 = 63 (0.0.63.255)
Doing it the long way with binary:
192 - 1100 0000, its inverse is 0011 1111 (63 again)
Kris,
-----Original Message-----
From: Netguy [mailto:netguy73@yahoo.com]
Sent: April 21, 2001 5:53 PM
To: Foster, Kristopher
Subject: RE: ???Access-Lists???
Two questions. First is kinda simple. What's your
easiest way to convert standard masking to wildcard
masking? For example mask 255.255.192.0. How would you
reverse it to a wild card the easiest way to get
0.0.X.255, where X is the unknown you have to calculate
from 192?
2nd. In the example below, aren't bits 3, 4, 5, 6 and 8
matching, and the rest not matching, making it
188? (sum of matching bits)
James
--- "Foster, Kristopher"
<KFoster@C1Communications.com> wrote:
> There is nothing special about wildcard masks
> which match
> discontiguous bits. As long as you convert from
> binary to decimal and back
> again without error the router will be happy.
>
> example (simple):
> 192.168.128.0 to 192.168.131.255
> and
> 192.168.192.0 to 192.168.195.255
>
> The third octet is the one we're interested in.
> 128 - 1000 0000
> 131 - 1000 0011
> 192 - 1100 0000
> 195 - 1100 0011
>
> We can see that bit 8 is always set to 1, and bits
> 1, 2 and 7 are wild.
> 128 - 1000 0000
> 67 - 0100 0011
>
> Our wildcard mask would look like:
> 192.168.128.0 0.0.67.255
>
> Sorry I can't come up with a real document, hope
> this helps
>
> Kris,
>
> -----Original Message-----
> From: Netguy [mailto:netguy73@yahoo.com]
> Sent: April 21, 2001 5:29 PM
> To: Foster, Kristopher; 'JAY';
> ccielab@groupstudy.com
> Subject: RE: ???Access-Lists???
>
>
> Does anybody have a source on Cisco web site or
> elsewhere on the web for summarizing weird access
> lists, that are discontiguous, if that makes any
> sense?
> like matching only bits 3 and 8 in octet 1, etc?
>
> Thanks in advance.
> --- "Foster, Kristopher"
> <KFoster@C1Communications.com> wrote:
> > 167.100.234.0 0.1.0.255
> > 182.245.1.1 0.0.0.0
> > 192.245.1.9 0.0.0.0
> > 197.100.234.0 0.0.1.255
> > 197.100.236.0 0.0.255.255
> >
> > This is the most efficient I can come up with. If
> > you also had
> > 197.100.237.x you could make the last two lines
> > 197.100.234.0 0.0.3.255.
> > You can't really do any trickery with 192.245.1.9
> > and 182.245.1.1..
> >
> > Hope this helps,
> >
> > Kris,
> >
> > -----Original Message-----
> > From: JAY [mailto:JInciong@earthlink.net]
> > Sent: April 21, 2001 2:31 PM
> > To: ccielab@groupstudy.com
> > Subject: ???Access-Lists???
> >
> >
> > Can anyone tell me the most efficient way to do
> > this.
> >
> > deny tftp, http, tcp, icmp 167.100.234.x
> >
> > deny tftp, http, tcp, icmp 167.101.234.x
> >
> > deny tftp, http, tcp, icmp 182.245.1.1
> >
> > deny tftp, http, tcp, icmp 192.245.1.9
> >
> > deny tftp, http, tcp, icmp 197.100.234.x
> >
> > deny tftp, http, tcp, icmp 197.100.235.x
> >
> > deny tftp, http, tcp, icmp 197.100.236.x
> >
> > TIA
> >
> > JAY
> > **Please
> > read:http://www.groupstudy.com/list/posting.html
> >
>
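The inversion and matching rules discussed in this thread, as an added example that is not part of any poster's message: it inverts a subnet mask, applies the wildcard match rule, and lists every /24 an entry matches so a summarized entry can be compared with the networks it was meant to cover. The function names are made up for illustration, and the audit assumes the last wildcard octet is 255.

```python
import ipaddress
from itertools import product

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def invert_mask(subnet_mask):
    """Subnet mask -> wildcard mask (same as 255 minus each octet)."""
    return str(ipaddress.IPv4Address(to_int(subnet_mask) ^ 0xFFFFFFFF))

def matches(addr, base, wildcard):
    """A 0 bit in the wildcard must equal the base; a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def matched_networks(base, wildcard):
    """Every /24 an entry matches; assumes the last wildcard octet is 255."""
    b, w = to_int(base) >> 8, to_int(wildcard) >> 8
    wild_bits = [1 << i for i in range(24) if (w >> i) & 1]
    fixed = b & ~w  # bits that must be exactly as stated
    combos = product(*[(0, bit) for bit in wild_bits])
    return {str(ipaddress.IPv4Address((fixed | sum(c)) << 8)) for c in combos}

def audit(base, wildcard, intended):
    """Return (missed, extra): intended /24s not matched, unintended /24s matched."""
    got, want = matched_networks(base, wildcard), set(intended)
    return sorted(want - got), sorted(got - want)

if __name__ == "__main__":
    print(invert_mask("255.255.192.0"))
    # Entries and intended networks taken from the thread.
    checks = [
        ("192.168.128.0", "0.0.67.255",
         [f"192.168.{n}.0" for n in (128, 129, 130, 131, 192, 193, 194, 195)]),
        ("167.100.234.0", "0.1.0.255", ["167.100.234.0", "167.101.234.0"]),
        ("197.100.234.0", "0.0.1.255", ["197.100.234.0", "197.100.235.0"]),
        ("197.100.236.0", "0.0.255.255", ["197.100.236.0"]),
    ]
    for base, wildcard, intended in checks:
        missed, extra = audit(base, wildcard, intended)
        print(f"{base} {wildcard}: missed={missed} extra={len(extra)} networks")
```

A non-empty `extra` means the entry is broader than the list it summarizes, which for a deny line blocks more traffic than intended and for a permit line admits more.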
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:53 GMT-3