Re: wildcard

From: RIDNEY_M_LAUDIANO.TTSP@ts.tsuneishi.co.jp
Date: Fri Nov 25 2005 - 22:42:46 GMT-3


hi,

i'll give this a shot.

"Grabler, Ross (IT)" <Ross.Grabler@morganstanley.com> wrote on 11/26/2005 06:27:00 AM:

) Hi, I am trying to understand the solution to the below problem

) Permit below in the minimal amount of lines in an acl, solution is
) below, I don't understand wildcard of 8, can someone explain? (this is
) from IE lab 17.)

) 200.0.1.2
) 200.0.3.2
) 200.0.3.10
) 200.0.1.18
) 200.0.3.26
) 200.0.1.10
) 200.0.3.18
) 200.0.1.26

)
) solution

) access-list 1 deny 200.0.1.2 0.0.2.8

denies:
200.0.1.2
200.0.3.2
200.0.1.10
200.0.3.10

) access-list 1 deny 200.0.1.18 0.0.2.0

200.0.1.18
200.0.3.18

) access-list 1 deny 200.0.1.26 0.0.2.0

200.0.1.26
200.0.3.26

) access-list 1 permit any

explanation for access-list 1 deny 200.0.1.2 0.0.2.8:

convert the 3rd and 4th octets of the addresses to binary and put them into a table.
decide what subnet and mask we will use for the access-list using the following
rules.
1. If the column is all 0’s, the subnet is 0, and the mask is 0
2. If the column is all 1’s, the subnet is 1, and the mask is 0
3. If the column is a mixture of 1’s and 0’s, the subnet is 0, and the mask is 1

3rd octet (common numbers: 1 and 3)

 1 00000001
 3 00000011
 s 00000001 (1)
 m 00000010 (2)

4th octet (common numbers: 2 and 10)

 2 00000010
10 00001010
 s 00000010 (2)
 m 00001000 (8)

where s: subnet, m: mask for corresponding octet

the result would be:
access-list 1 deny 200.0.1.2 0.0.2.8

you can also use one line to deny all the above addresses:

access-list 1 deny 200.0.1.2 0.0.2.24

hope this helps!

ridney
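
The column rules from the reply above, applied to all 32 bits and then checked by listing every address the resulting entry matches. This is an added example, not part of the original thread; the function names are my own, and the three-address set in `__main__` is constructed to show that the rules can match an address that was never in the list.

```python
from ipaddress import IPv4Address
from itertools import product

# Addresses from the question in this thread.
LAB_ADDRS = ["200.0.1.2", "200.0.3.2", "200.0.3.10", "200.0.1.18",
             "200.0.3.26", "200.0.1.10", "200.0.3.18", "200.0.1.26"]

def summarize(addrs):
    """Apply the three column rules to all 32 bits; return (base, wildcard)."""
    vals = [int(IPv4Address(a)) for a in addrs]
    all_and = all_or = vals[0]
    for v in vals[1:]:
        all_and &= v   # bit stays 1 only if the column is all 1's
        all_or |= v    # bit stays 0 only if the column is all 0's
    return all_and, all_and ^ all_or  # mixed columns: subnet 0, mask 1

def expand(base, wildcard, max_bits=16):
    """List every address that the entry 'base wildcard' matches."""
    bits = [1 << i for i in range(32) if (wildcard >> i) & 1]
    if len(bits) > max_bits:
        raise ValueError("wildcard too wide to enumerate")
    fixed = base & ~wildcard & 0xFFFFFFFF
    matched = set()
    for combo in product((0, 1), repeat=len(bits)):
        v = fixed
        for bit, on in zip(bits, combo):
            if on:
                v |= bit
        matched.add(str(IPv4Address(v)))
    return matched

def acl_entry(addrs):
    """Return ('base wildcard', addresses matched but not asked for)."""
    base, wc = summarize(addrs)
    extra = sorted(expand(base, wc) - set(addrs), key=IPv4Address)
    return f"{IPv4Address(base)} {IPv4Address(wc)}", extra

if __name__ == "__main__":
    first_group = ["200.0.1.2", "200.0.3.2", "200.0.1.10", "200.0.3.10"]
    print(acl_entry(first_group))       # the 0.0.2.8 line from the solution
    print(acl_entry(LAB_ADDRS))         # the one-line version
    # Constructed: drop one address and the same entry still matches it.
    print(acl_entry(first_group[:3]))
```

An empty second element means the entry matches exactly the addresses given; anything listed there is covered by the entry without being in the input.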




This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3