From: Daniel Sheedy (dansheedy@gmx.net)
Date: Tue Sep 30 2003 - 07:05:38 GMT-3
Hi Paul,
Here is a document I had in my folder (no idea where it came from) but it is
great for this type of thing.
Cheers
Daniel Sheedy
Method for calculating complex route filters
Sometimes you are asked to filter a complex set of routes using as few lines
as possible. Here we will examine a way to calculate the subnet and
wildcard for such a scenario. With some practice, you should be able to
calculate any set in 5 minutes or less. I also recommend testing your
results in a lab setting, using loopbacks and distribute-lists.
For example, say we are asked to filter the following routes using a
one-line filter:
102.17.63.0
126.22.61.0
111.22.57.0
125.33.101.0
First, make a table as shown:
128
64
32
16
8
4
2
1
Result
Subnet
Wildcard Mask
Then, enter the decimal digits from the first octet in the left-hand column.
Convert each number to binary. I use Windows Calculator set to Scientific
Mode to do the conversion.
128
64
32
16
8
4
2
1
Result
102
0
1
1
0
0
1
1
0
126
0
1
1
1
1
1
1
0
111
0
1
1
0
1
1
1
1
125
0
1
1
1
1
1
0
1
Subnet
Wildcard Mask
In the binary area, column by column, apply the following rules:
1.. If the column is all 0's, the subnet is 0, and the mask is 0
2.. If the column is all 1's, the subnet is 1, and the mask is 0
3.. If the column is a mixture of 1's and 0's, the subnet is 0, and the
mask is 1.
The table should look like:
128
64
32
16
8
4
2
1
Result
102
0
1
1
0
0
1
1
0
126
0
1
1
1
1
1
1
0
111
0
1
1
0
1
1
1
1
125
0
1
1
1
1
1
0
1
Subnet
0
1
1
0
0
1
0
0
Wildcard Mask
0
0
0
1
1
0
1
1
Convert the binary Subnet and Wildcard Mask to decimal thus:
128
64
32
16
8
4
2
1
Result
102
0
1
1
0
0
1
1
0
126
0
1
1
1
1
1
1
0
111
0
1
1
0
1
1
1
1
125
0
1
1
1
1
1
0
1
Subnet
0
1
1
0
0
1
0
0
100
Wildcard Mask
0
0
0
1
1
0
1
1
27
So far, our filter looks like: 100.xxx.xxx.xxx 27.xxx.xxx.xxx
Our second octet needs to filter 17, 22 and 33. Using the same method, our
growing filter would become: 100.0.xxx.xxx 27.55.xxx.xxx
Third octet, 57, 61, 63 and 101 result in: 100.0.33.xxx
27.55.94.xxx
The final octet is easy, since we will allow anything. So our final result
becomes:
100.0.33.0 27.55.94.255
We can now create our access list:
Access-list 1 [permit | deny] 100.0.33.0 27.55.94.255
----- Original Message -----
From: "Casey, Paul (6822)" <Paul.Casey@o2.com>
To: <ccielab@groupstudy.com>
Sent: Tuesday, September 30, 2003 10:42 AM
Subject: RE: Access list filter in the shortest lines possible.
> > Hello,
> >
> > For example, say we are asked to filter the following routes using the
> > shortest nuber of lines possible
> >
> > 102.17.63.0
> > 126.22.61.0
> > 111.22.57.0
> > 125.33.101.0
> >
> > Can someone tell me the best access list to use to filter these
networks.
> >
> > Thanks in advance.
> > Kind regards.
> >
> >
> >
> >
>
>
>
****************************************************************************
************
>
> This E-mail is from O2. The E-mail and any files
> transmitted with it are confidential and may also be privileged and
intended
> solely for the use of the individual or entity to whom they are addressed.
> Any unauthorised direct or indirect dissemination, distribution or copying
> of this message and any attachments is strictly prohibited. If you have
> received the E-mail in error please notify postmaster@O2.com or
> telephone ++ 353 1 6095000.
>
>
****************************************************************************
*************
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:40 GMT-3