From: Kristof Ulrix (kristof@uk-systems.com)
Date: Wed Mar 26 2003 - 13:33:18 GMT-3
Brian,
this looks right but it's not:
if we take a look at the first bytes:
Bytes to be selected in ACL:
165
167
175
Your solution is 165 with wildcard 10.
But:
network 165 10100101
mask 10 00001010
Matches:
165 10100101
167 10100111
173 10101101 <--- This was not requested
175 10101111
This means that the 173 network wil also be filtered.
For the third byte your solution has a wildcard 110 (01101110b)
It has 5 ones, this means 32 combinations will be filtered, and only 3 are
requested.
The correct solution has 2 lines in the ACL:
165.24.45.0 mask 2.0.2.255
175.28.65.0 mask 0.0.0.255
The AND-rule is correct for the network part,
but you can't use the XOR for the mask.
Kristof Ulrix
-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com]Namens Brian
McGahan
Verzonden: dinsdag 25 maart 2003 23:45
Aan: 'ccie_studying'; 'Scott M. Livingston'; ccielab@groupstudy.com
Onderwerp: RE: 1 aggregated ACL
To find a network and wildcard pair, you need to use the AND and XOR
logic gates.
A AND B
_____________
| A | B | out |
| 0 | 0 | 0 |
| 0 | 1 | 0 |
| 1 | 0 | 0 |
| 1 | 1 | 1 |
-------------
A XOR B
_____________
| A | B | out |
| 0 | 0 | 0 |
| 0 | 1 | 1 |
| 1 | 0 | 1 |
| 1 | 1 | 0 |
-------------
Write the networks out in binary you are trying to find the list for:
165.24.45.0
167.24.47.0
175.28.65.0
10100101.00011000.00101101.00000000
10100111.00011000.00101111.00000000
&& 10101111.00011100.01000001.00000000
------------------------------------------
10100101.00011000.00000001.00000000 = 165.24.1.0
ANDing them comes up with the network address.
10100101.00011000.00101101.00000000
10100111.00011000.00101111.00000000
XOR 10101111.00011100.01000001.00000000
------------------------------------------
00001010.00000100.01101110.00000000 = 10.4.110.0
XORing them comes up with the wildcard address.
Therefore, the most specific match for these three networks is:
165.24.1.0 10.4.110.0
Here's another of my threads on the same topic:
http://www.groupstudy.com/archives/ccielab/200210/msg02503.html
HTH
Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com
CyscoExpert Corporation
Internetwork Consulting & Training
Toll Free: 866.CyscoXP
Fax: 847.674.2625
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> ccie_studying
> Sent: Tuesday, March 25, 2003 2:37 PM
> To: Scott M. Livingston; ccielab@groupstudy.com
> Subject: Re: 1 aggregated ACL
>
> I think if only summary to one network, it should be:
>
> 164.24.32.0 with wildcard 15.7.15.255 or subnet mask 240.248.240.0
>
> ----- Original Message -----
> From: "Scott M. Livingston" <scottl@sprinthosting.net>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, March 25, 2003 11:26 AM
> Subject: 1 aggregated ACL
>
>
> > This was posted on another board so I wanted to check the answer
that
> > was given. It happens to be the same answer I came up with. Also,
if
> > someone has any other teasers maybe you can post them. I am using
the
> > formula Tim Fletcher taught those of us that were doing it another
way
> > (my wrong way :)).
> >
> > 165.24.45.0
> > 167.24.47.0
> > 175.28.65.0
> >
> >
> > Answer:
> > 165.24.1.0 mask 10.4.110.255
> >
> > thank you,
> > scott
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:44 GMT-3