RE: ACL Summerisation (Need help bigtime)

From: Scott Morris (swm@emanon.com)
Date: Fri Oct 03 2003 - 16:42:09 GMT-3

• Next message: Reisner, Tim: "RE: HSRP not working with Multicast"
• Previous message: ccie2be: "3550 - trunk config - allowed vlans"
• Maybe in reply to: Ken.Farrington@barclayscapital.com: "ACL Summerisation (Need help bigtime)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You have the general concept correct, but look at your answers...

In the first octet, you found 4 bits where you don't want to care. 2^4
means that you will have 16 possible values that match that (you are
only given four routes). The next two octets have 3 bits a piece.
That's a total of 10 bits difference along the way. So you are wanting
to put one single mask together that will match those four routes. Your
problem is that it will match 1,020 other routes as well!!!

When breaking them up into binary, you look at whether any of the ones
you are required to match have something in common, or few bits of
difference.

I'm not sure who came up with these particular routes to match here, but
the answer is to do them all individually, because the "extra matches"
far outweigh the number of statements to be able to put them together.
Binary is an art form, and it is very important to learn to color within
the lines.

I hope your dreams were far more exciting that this though! :)
 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP, JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ken.Farrington@barclayscapital.com
Sent: Friday, October 03, 2003 3:29 PM
To: ccielab@groupstudy.com
Subject: ACL Summerisation (Need help bigtime)

Friends,

can anyone explain to me in english how I would accomplish the
following, just getting way confused and need to lock this down in my
head once and for all (the actual logic) - im off to bed, as i have been
up since 4am, so u never know, i could be inspired in my dreams - hope
my dreasm are a little more exciting than that :)

I have these networks
121.10.17.0 /24
127.24.6.0 /24
122.35.35.0 /24
111.16.6.0 /24

------------------------------------------------------------------------
-
Q.
Using the minimal amount of config to allow these networks thru an ACL.
------------------------------------------------------------------------
-

Also, what would be the starting network and how to I get the starting
network

even when i put these in Binary, i am getting confused with the care and
dont care bits.

Lets take the first octet of each network
Care bit (indicated by the asterix)
(if there is a line with the same matching binary number, set this to to
the matched 1 or zero ie, if 0, set to zero, if 1, set to 1)
Dont Care Bit
(if there is a 0 or 1 in a line, set the bit to 1 )

      *** *
121 01111001
127 01111111
122 01111010
111 01101111

Care bits total 232 or is do the care bits total 104 ?
Dont care bits total 23

Lets take the second octet of each network
Care bit (indicated by the asterix)
(if there is a line with the same matching binary number, set this to to
the matched 1 or zero ie, if 0, set to zero, if 1, set to 1)
Dont Care Bit
(if there is a 0 or 1 in a line, set the bit to 1 )

      ** *
10 00001010
24 00011000
35 00100011
16 00010000

Care bits total 196 or do the care bits equal 0
Dont care bits total 63

Lets take the third octet of each network
Care bit (indicated by the asterix)
(if there is a line with the same matching binary number, set this to to
the matched 1 or zero ie, if 0, set to zero, if 1, set to 1)
Dont Care Bit
(if there is a 0 or 1 in a line, set the bit to 1 )

      ** *
17 00010001
6 00000110
35 00100011
6 00000110

Care bits total 200 or do the care bits equal 0
Dont care bits total 55

Lets take the fouth octet of each network
Care bit (indicated by the asterix)
(if there is a line with the same matching binary number, set this to to
the matched 1 or zero ie, if 0, set to zero, if 1, set to 1)
Dont Care Bit
(if there is a 0 or 1 in a line, set the bit to 1 )

      ********
0 00000000
0 00000000
0 00000000
0 00000000

Does the care bit equal 255 or zero
Dont care bit is 0

------------------------------------------------------------------------
For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.

Internet communications are not secure and therefore the Barclays
Group does not accept legal responsibility for the contents of this
message. Although the Barclays Group operates anti-virus programmes,
it does not accept responsibility for any damage whatsoever that is
caused by viruses being passed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the

Barclays Group. Replies to this email may be monitored by the Barclays
Group for operational or business reasons.

------------------------------------------------------------------------

***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***

• Next message: Reisner, Tim: "RE: HSRP not working with Multicast"
• Previous message: ccie2be: "3550 - trunk config - allowed vlans"
• Maybe in reply to: Ken.Farrington@barclayscapital.com: "ACL Summerisation (Need help bigtime)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:56 GMT-3