RE: route filtering with wild-card mask

From: John Matus (john_matus@hotmail.com)
Date: Fri Jun 10 2005 - 00:20:58 GMT-3

• Next message: Scott Morris: "RE: route filtering with wild-card mask"
• Previous message: pwellington: "Re: Internetworkexpert COD"
• Maybe in reply to: John Matus: "route filtering with wild-card mask"
• Next in thread: Scott Morris: "RE: route filtering with wild-card mask"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

krud.....actually that was almost more confusing to me than helpful.....but
perhaps that's b/c i just got off of work :)
so you're saying -
access-list 1 deny 30.1.0.0 0.0.1.0 means that the 3rd bit can be
anything....
and
access-list deny 30.1.0.0 0.0.0.0 matches the 3rd bit exactly, which is
even?....

so then it is the best approach to permit even routes in the 3rd octet to
use:

permit 30.1.0.0 0.0.0.0

and the best way to permit only the odd routes would be to use:
deny 30.1.0.0 0.0.0.0
permit 30.1.0.0 0.0.1.0 ? is this correct scott?

>From: "Scott Morris" <swm@emanon.com>
>Reply-To: <swm@emanon.com>
>To: "'John Matus'"
><john_matus@hotmail.com>,<noble@inserviceindia.com>,<ccielab@groupstudy.com>
>Subject: RE: route filtering with wild-card mask
>Date: Wed, 8 Jun 2005 08:56:43 -0400
>
>Remember that a "1" bit in the wildcard mask means that you don't care what
>the value it. "0" bit means that it must stay the same...
>
>So let's look at your third octet:
>
>00000000 ==> This is what you are setting the starting bits there.
>00000001 ==> This is the mask you are using. (0.0.1.255)
>========
>0000000x ==> This is what you'll end up with. So a 0 or 1 can be in that
>least significant bit position there, which means 0 or 1 are the two
>values.
>Obviously one of those is even, one is odd.
>
>To get all even or odd numbers, you need to make sure that the least
>significant bit does NOT change ("0" in the wildcard mask). Anything else,
>you don't care about.
>
>So:
>
>00000000 ==> Starting point
>11111110 ==> Mask
>========
>Xxxxxxx0 ==> This will give you all EVEN networks since you started with
>an
>even number. Change to the 31.1.1.0 starting point and the same mask to
>get
>all ODD networks.
>
>HTH,
>
>Scott
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>John
>Matus
>Sent: Wednesday, June 08, 2005 2:29 AM
>To: noble@inserviceindia.com; ccielab@groupstudy.com
>Subject: RE: route filtering with wild-card mask
>
>noble........from what i remember reading that does make sense......like i
>said, you are matching anything in the third octed with the least
>significant bit turned on <for odd>.......but i was doing a lab last week
>and it worked just the oposite as expected.....hence my question. it's
>perplexing. i wonder if anyone else has had a similar experience with
>"deny
>30.1.0.0 0.0.1.255' denying the "even" routes instead of the odd
>
>john
>
> >From: "T. N. Noble" <noble@inserviceindia.com>
> >To: "'John Matus'" <john_matus@hotmail.com>,<ccielab@groupstudy.com>
> >Subject: RE: route filtering with wild-card mask
> >Date: Wed, 8 Jun 2005 08:44:16 +0300
> >
> >I have a different understanding of your question. "DENY ANYTHING WITH
>ODD
> >3rd OCTET" may be looked at based on the provided networks / all
>networks.
> >
> >If it is based on the provided network, then I believe that the ACL
> >"access-list 1 deny 30.1.0.0 0.0.1.255" is more correct.
> >
> >Further if it is looked up on based on all the networks then the ACL
>"deny
> >30.1.0.0 0.0.1.0" may be correct.
> >
> >I may be wrong but was trying to put my interpretation of your question.
> >
> >Thanks,
> >
> >Noble
> >
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >John
> >Matus
> >Sent: 08 June 2005 07:57
> >To: ccielab@groupstudy.com
> >Subject: route filtering with wild-card mask
> >
> >ok,
> >you have networks 30.1.1.0 and 30.1.2.0. you want to deny anything
>with
> >an odd 3rd octed
> >
> >now, i alway thought that you the access-list should be:
> >
> >access-list 1 deny 30.1.0.0 0.0.1.255 since you are matching anything
> >with the last bit set to 1,
> >or
> >to deny any thing even you should use:
> >
> >access-list 1 deny 30.1.0.0 0.0.255.255 since only numbers with the least
> >significant bit set to zero are even................but lately when i've
> >been configuring offset-lists my findings have been just the opposite as
> >anticipated....
> >
> >it this correct?
> >
> >as a side note, in the 1st example you can actually use "deny 30.1.0.0
> >0.0.1.0" yeah? since you don't need to match the 1, 2, or 4th bit <?>
> >
> >just trying to get my fact nailed down!
> >
> >tia
> >
> >_________________________________________________________________
> >Dont just search. Find. Check out the new MSN Search!
> >http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >
>
>_________________________________________________________________
>Dont just search. Find. Check out the new MSN Search!
>http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>

• Next message: Scott Morris: "RE: route filtering with wild-card mask"
• Previous message: pwellington: "Re: Internetworkexpert COD"
• Maybe in reply to: John Matus: "route filtering with wild-card mask"
• Next in thread: Scott Morris: "RE: route filtering with wild-card mask"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3