Re: Access list wildcard mask

From: Nigel Roy (nigel@xxxxxxxxxxxxxxxxx)
Date: Tue Mar 26 2002 - 10:48:20 GMT-3

• Next message: Peter van Oene: "Re: OSPF P bit"
• Previous message: Gerd Thuemmler: "Cat6000 with OC3 Interfaces as ATM Switch?"
• Maybe in reply to: yakout esmat: "Access list wildcard mask"
• Next in thread: Manny Gonzalez: "Re: Access list wildcard mask"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Ya,

These odd masks seem to catch people out regularly. The way you have to
look at them is comparing the numbers in binary format and seeing the bits
that change. In your example we need to list the networks that you want to
catch which are 52, 54, 56 and 58 in the third octet, the important point is
that we must not catch any others. If you look at the binary you will see
that only 3 bits actually change for these addresses, those are the bits we
need to wildcard and they are the 8, 4 and 2 bits. Unfortunately however
this catches all even networks between 48 and 62 so we can't do it in one
line. The logic we are using is that all bits that are not wildcarded must
remain the same.

This is the correct access list line

access-list 10 permit 198.5.52.0 0.0.14.0

We could do precisely what you want by using two lines as follows:

access-list 10 permit 198.5.52.0 0.0.2.0
access-list 10 permit 198.5.56.0 0.0.2.0

Both line specify that all bits must be the same except for the 2 bit in the
third octet, meaning it may be a 1 or it may be a 0 this gives us 52 and 54
in the first line and 56 and 58 in the second line.

Hope this makes sense

regards

Nigel

----- Original Message -----
From: "yakout esmat" <yesmat@iprimus.com.au>
To: <ccielab@groupstudy.com>
Sent: Tuesday, March 26, 2002 1:13 PM
Subject: Access list wildcard mask

> Hi all,
>
> I am still having problems with coming up with generic wildcard mask for
> blocking odd or even networks, my example:
>
> allow only even networks from 198.5.51.0/24 to 198.5.59.0/24
>
> I tried the following:
>
> access-list 10 permit 198.5.1.0 0.0.254.255 which should permit odd (no
> success)
>
> access-list 10 permit 198.5.0.0 0.0.254.255 which should permit even (no
> success)
>
> access-list 10 permit 0.0.0.0 255.255.254.255 should permit even (IT
WORKS)
>
> The way I see it, the concept is just the same in all the above examples,
> why last one works and not the others.
>
> Appreciate your input
>
> Ya

• Next message: Peter van Oene: "Re: OSPF P bit"
• Previous message: Gerd Thuemmler: "Cat6000 with OC3 Interfaces as ATM Switch?"
• Maybe in reply to: yakout esmat: "Access list wildcard mask"
• Next in thread: Manny Gonzalez: "Re: Access list wildcard mask"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:22 GMT-3