From: Pierre-Alex (paguanel@hotmail.com)
Date: Sat Nov 26 2005 - 18:08:25 GMT-3
I meant this way you would get away from the smaller subnets (it's late ...)
----- Original Message -----
From: "Pierre-Alex" <paguanel@hotmail.com>
To: "blodwick" <blodwick@columbus.rr.com>; "'Montiean'"
<noktes@bellsouth.net>; <ccielab@groupstudy.com>
Sent: Saturday, November 26, 2005 10:06 PM
Subject: Re: wildcard mask question
> If the wildcard mask does not need to be contiguous then would not a
> better solution be:
>
> access-list 101 permit ip any 192.168.1.0 0.0.6.0 instead?
>
> This way you would get the smaller subnets!
>
>
>
>
> ----- Original Message -----
> From: "blodwick" <blodwick@columbus.rr.com>
> To: "'Pierre-Alex'" <paguanel@hotmail.com>; "'Montiean'"
> <noktes@bellsouth.net>; <ccielab@groupstudy.com>
> Sent: Saturday, November 26, 2005 8:34 PM
> Subject: RE: wildcard mask question
>
>
>>I love these kinds of questions! Anyone who enjoys mathematics can
>> appreciate the coolness of the flexibility of the wildcard mask in the
>> IOS. At first it does not seem right since from the beginning we are
>> taught about leftmost bits of a subnet mask indicating the "network"
>> portion of the address, then the left over bit are the available host
>> bits (excluding the network and broadcast). We also learned that in the
>> beginning subnet masks had a fixed length; then later came the concept
>> of variable length subnet masks. So naturally when we use go to use
>> wildcard masks we stick with the same rules and simply invert your
>> thought process and apply variable length masking from right to left
>> instead of left to right, but the cool part is the wildcard mask does
>> not have the same rules that an IP subnet mask has.
>>
>> If you want to make an access-list that defines the following nets -
>> 192.168.1.0/24, 192.168.3.0/24, 192.168.5.0/24, and 192.168.7.0/24 you
>> can do it in 1 statement, by not sticking to the contiguous bit model.
>>
>> access-list 101 permit ip any 192.168.1.0 0.0.6.255
>>
>> Or how about in one statement select only the following nets -
>> 172.16.32.0/24, 172.16.36.0/24, 172.16.48.0/24, 172.16.52.0/24,
>> 168.16.32.0/24, 168.16.36.0/24, 168.16.48.0/24, 168.16.52.0/24.
>>
>> access-list 102 permit ip any 168.16.32.0 4.0.20.0
>>
>> I used examples of course that fit nicely, but if a question asks you to
>> do something like this and let's say one or two nets don't fit. You can
>> throw in the ones that don't fit as initial deny statements and you'll
>> probably still end up with less lines.
>>
>> ~ Brian L
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Pierre-Alex
>> Sent: Friday, November 25, 2005 3:11 PM
>> To: Montiean; ccielab@groupstudy.com
>> Subject: Re: wildcard mask question
>>
>> Why not use an extended acces-list to match the mask also ?
>>
>> This way you don't have to worry about matching other prefix.
>>
>> You are doing exactly what was asked of you!
>>
>> access-list 100 permit 192.168.20.0 0.0.3.0 255.255.255.0 0.0.0.0
>>
>> Pierre
>>
>> ----- Original Message -----
>> From: "Montiean" <noktes@bellsouth.net>
>> To: <ccielab@groupstudy.com>
>> Sent: Monday, October 31, 2005 12:24 AM
>> Subject: wildcard mask question
>>
>>
>>> Folks,
>>> Just want to get the idea on wildcard mask using acl in the lab.
>>> For an example, let say we need to use only one statement in acl to
>> filter
>>> routes below
>>>
>>> 192.168.20.0/24
>>> 192.168.21.0/24
>>> 192.168.22.0/24
>>> 192.168.23.0/24
>>>
>>> So we can use either ways as below
>>>
>>> access-list 1 permit 192.168.20.0 0.0.3.0
>>> or
>>> access-list 1 permit 192.168.20.0 0.0.3.255
>>>
>>> The result is going to be the same but which way should be right in
>> the
>>> lab.
>>> Any comments would be appreciate.
>>>
>>> Thanks,
>>> Montiean
>>>
>>>
>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.1.362 / Virus Database: 267.13.7/182 - Release Date:
>> 11/24/2005
>>
>>
>> --
>> No virus found in this outgoing message.
>> Checked by AVG Free Edition.
>> Version: 7.1.362 / Virus Database: 267.13.8/183 - Release Date:
>> 11/25/2005
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3