RE: route filtering with wild-card mask
From: Scott Morris (swm@emanon.com)
Date: Wed Jun 08 2005 - 09:56:43 GMT-3
Remember that a "1" bit in the wildcard mask means that you don't care what
the value it. "0" bit means that it must stay the same...
So let's look at your third octet:
00000000 ==> This is what you are setting the starting bits there.
00000001 ==> This is the mask you are using. (0.0.1.255)
========
0000000x ==> This is what you'll end up with. So a 0 or 1 can be in that
least significant bit position there, which means 0 or 1 are the two values.
Obviously one of those is even, one is odd.
To get all even or odd numbers, you need to make sure that the least
significant bit does NOT change ("0" in the wildcard mask). Anything else,
you don't care about.
So:
00000000 ==> Starting point
11111110 ==> Mask
========
Xxxxxxx0 ==> This will give you all EVEN networks since you started with an
even number. Change to the 31.1.1.0 starting point and the same mask to get
all ODD networks.
HTH,
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Matus
Sent: Wednesday, June 08, 2005 2:29 AM
To: noble@inserviceindia.com; ccielab@groupstudy.com
Subject: RE: route filtering with wild-card mask
noble........from what i remember reading that does make sense......like i
said, you are matching anything in the third octed with the least
significant bit turned on <for odd>.......but i was doing a lab last week
and it worked just the oposite as expected.....hence my question. it's
perplexing. i wonder if anyone else has had a similar experience with "deny
30.1.0.0 0.0.1.255' denying the "even" routes instead of the odd
john
>From: "T. N. Noble" <noble@inserviceindia.com>
>To: "'John Matus'" <john_matus@hotmail.com>,<ccielab@groupstudy.com>
>Subject: RE: route filtering with wild-card mask
>Date: Wed, 8 Jun 2005 08:44:16 +0300
>
>I have a different understanding of your question. "DENY ANYTHING WITH ODD
>3rd OCTET" may be looked at based on the provided networks / all networks.
>
>If it is based on the provided network, then I believe that the ACL
>"access-list 1 deny 30.1.0.0 0.0.1.255" is more correct.
>
>Further if it is looked up on based on all the networks then the ACL "deny
>30.1.0.0 0.0.1.0" may be correct.
>
>I may be wrong but was trying to put my interpretation of your question.
>
>Thanks,
>
>Noble
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>John
>Matus
>Sent: 08 June 2005 07:57
>To: ccielab@groupstudy.com
>Subject: route filtering with wild-card mask
>
>ok,
>you have networks 30.1.1.0 and 30.1.2.0. you want to deny anything with
>an odd 3rd octed
>
>now, i alway thought that you the access-list should be:
>
>access-list 1 deny 30.1.0.0 0.0.1.255 since you are matching anything
>with the last bit set to 1,
>or
>to deny any thing even you should use:
>
>access-list 1 deny 30.1.0.0 0.0.255.255 since only numbers with the least
>significant bit set to zero are even................but lately when i've
>been configuring offset-lists my findings have been just the opposite as
>anticipated....
>
>it this correct?
>
>as a side note, in the 1st example you can actually use "deny 30.1.0.0
>0.0.1.0" yeah? since you don't need to match the 1, 2, or 4th bit <?>
>
>just trying to get my fact nailed down!
>
>tia
>
>_________________________________________________________________
>Don�t just search. Find. Check out the new MSN Search!
>http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
This archive was generated by hypermail 2.1.4
: Wed Jul 06 2005 - 14:43:41 GMT-3