From: Pierre-Alex (paguanel@hotmail.com)
Date: Sat Nov 26 2005 - 17:54:31 GMT-3
Thank you !
----- Original Message -----
From: "blodwick" <blodwick@columbus.rr.com>
To: "'Pierre-Alex'" <paguanel@hotmail.com>; "'Montiean'"
<noktes@bellsouth.net>; <ccielab@groupstudy.com>
Sent: Saturday, November 26, 2005 8:34 PM
Subject: RE: wildcard mask question
>I love these kinds of questions! Anyone who enjoys mathematics can
> appreciate the coolness of the flexibility of the wildcard mask in the
> IOS. At first it does not seem right since from the beginning we are
> taught about leftmost bits of a subnet mask indicating the "network"
> portion of the address, then the left over bit are the available host
> bits (excluding the network and broadcast). We also learned that in the
> beginning subnet masks had a fixed length; then later came the concept
> of variable length subnet masks. So naturally when we use go to use
> wildcard masks we stick with the same rules and simply invert your
> thought process and apply variable length masking from right to left
> instead of left to right, but the cool part is the wildcard mask does
> not have the same rules that an IP subnet mask has.
>
> If you want to make an access-list that defines the following nets -
> 192.168.1.0/24, 192.168.3.0/24, 192.168.5.0/24, and 192.168.7.0/24 you
> can do it in 1 statement, by not sticking to the contiguous bit model.
>
> access-list 101 permit ip any 192.168.1.0 0.0.6.255
>
> Or how about in one statement select only the following nets -
> 172.16.32.0/24, 172.16.36.0/24, 172.16.48.0/24, 172.16.52.0/24,
> 168.16.32.0/24, 168.16.36.0/24, 168.16.48.0/24, 168.16.52.0/24.
>
> access-list 102 permit ip any 168.16.32.0 4.0.20.0
>
> I used examples of course that fit nicely, but if a question asks you to
> do something like this and let's say one or two nets don't fit. You can
> throw in the ones that don't fit as initial deny statements and you'll
> probably still end up with less lines.
>
> ~ Brian L
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Pierre-Alex
> Sent: Friday, November 25, 2005 3:11 PM
> To: Montiean; ccielab@groupstudy.com
> Subject: Re: wildcard mask question
>
> Why not use an extended acces-list to match the mask also ?
>
> This way you don't have to worry about matching other prefix.
>
> You are doing exactly what was asked of you!
>
> access-list 100 permit 192.168.20.0 0.0.3.0 255.255.255.0 0.0.0.0
>
> Pierre
>
> ----- Original Message -----
> From: "Montiean" <noktes@bellsouth.net>
> To: <ccielab@groupstudy.com>
> Sent: Monday, October 31, 2005 12:24 AM
> Subject: wildcard mask question
>
>
>> Folks,
>> Just want to get the idea on wildcard mask using acl in the lab.
>> For an example, let say we need to use only one statement in acl to
> filter
>> routes below
>>
>> 192.168.20.0/24
>> 192.168.21.0/24
>> 192.168.22.0/24
>> 192.168.23.0/24
>>
>> So we can use either ways as below
>>
>> access-list 1 permit 192.168.20.0 0.0.3.0
>> or
>> access-list 1 permit 192.168.20.0 0.0.3.255
>>
>> The result is going to be the same but which way should be right in
> the
>> lab.
>> Any comments would be appreciate.
>>
>> Thanks,
>> Montiean
>>
>>
> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.362 / Virus Database: 267.13.7/182 - Release Date:
> 11/24/2005
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.362 / Virus Database: 267.13.8/183 - Release Date:
> 11/25/2005
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3