From: blodwick (blodwick@columbus.rr.com)
Date: Sun Nov 27 2005 - 18:12:42 GMT-3
Yea, I agree. Now looking back at my examples I was not very descriptive
in what I was requiring. I said "nets" which is a little vague. If the
question were asking me to filter ONLY the /24 routes from the list, a
0.0.6.0 mask would work nicely since the /24 routes would arrive with a
zero in the last octet.
If the question asked me to filter any routes of /24 or smaller, or if
it were asking me to filter on an interface anything from within those
/24s I would use the 0.0.6.255 mask.
If I got this in the exam I'd go to the proctor and ask if "nets" meant
they only wanted the /24s filtered.
~Brian L
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Pierre-Alex
Sent: Saturday, November 26, 2005 4:08 PM
To: Pierre-Alex; blodwick; 'Montiean'; ccielab@groupstudy.com
Subject: Re: wildcard mask question
I meant this way you would get away from the smaller subnets (it's late
...)
----- Original Message -----
From: "Pierre-Alex" <paguanel@hotmail.com>
To: "blodwick" <blodwick@columbus.rr.com>; "'Montiean'"
<noktes@bellsouth.net>; <ccielab@groupstudy.com>
Sent: Saturday, November 26, 2005 10:06 PM
Subject: Re: wildcard mask question
> If the wildcard mask does not need to be contiguous then would not a
> better solution be:
>
> access-list 101 permit ip any 192.168.1.0 0.0.6.0 instead?
>
> This way you would get the smaller subnets!
>
>
>
>
> ----- Original Message -----
> From: "blodwick" <blodwick@columbus.rr.com>
> To: "'Pierre-Alex'" <paguanel@hotmail.com>; "'Montiean'"
> <noktes@bellsouth.net>; <ccielab@groupstudy.com>
> Sent: Saturday, November 26, 2005 8:34 PM
> Subject: RE: wildcard mask question
>
>
>>I love these kinds of questions! Anyone who enjoys mathematics can
>> appreciate the coolness of the flexibility of the wildcard mask in
the
>> IOS. At first it does not seem right since from the beginning we are
>> taught about leftmost bits of a subnet mask indicating the "network"
>> portion of the address, then the left over bit are the available host
>> bits (excluding the network and broadcast). We also learned that in
the
>> beginning subnet masks had a fixed length; then later came the
concept
>> of variable length subnet masks. So naturally when we use go to use
>> wildcard masks we stick with the same rules and simply invert your
>> thought process and apply variable length masking from right to left
>> instead of left to right, but the cool part is the wildcard mask does
>> not have the same rules that an IP subnet mask has.
>>
>> If you want to make an access-list that defines the following nets -
>> 192.168.1.0/24, 192.168.3.0/24, 192.168.5.0/24, and 192.168.7.0/24
you
>> can do it in 1 statement, by not sticking to the contiguous bit
model.
>>
>> access-list 101 permit ip any 192.168.1.0 0.0.6.255
>>
>> Or how about in one statement select only the following nets -
>> 172.16.32.0/24, 172.16.36.0/24, 172.16.48.0/24, 172.16.52.0/24,
>> 168.16.32.0/24, 168.16.36.0/24, 168.16.48.0/24, 168.16.52.0/24.
>>
>> access-list 102 permit ip any 168.16.32.0 4.0.20.0
>>
>> I used examples of course that fit nicely, but if a question asks you
to
>> do something like this and let's say one or two nets don't fit. You
can
>> throw in the ones that don't fit as initial deny statements and
you'll
>> probably still end up with less lines.
>>
>> ~ Brian L
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
>> Pierre-Alex
>> Sent: Friday, November 25, 2005 3:11 PM
>> To: Montiean; ccielab@groupstudy.com
>> Subject: Re: wildcard mask question
>>
>> Why not use an extended acces-list to match the mask also ?
>>
>> This way you don't have to worry about matching other prefix.
>>
>> You are doing exactly what was asked of you!
>>
>> access-list 100 permit 192.168.20.0 0.0.3.0 255.255.255.0 0.0.0.0
>>
>> Pierre
>>
>> ----- Original Message -----
>> From: "Montiean" <noktes@bellsouth.net>
>> To: <ccielab@groupstudy.com>
>> Sent: Monday, October 31, 2005 12:24 AM
>> Subject: wildcard mask question
>>
>>
>>> Folks,
>>> Just want to get the idea on wildcard mask using acl in the lab.
>>> For an example, let say we need to use only one statement in acl to
>> filter
>>> routes below
>>>
>>> 192.168.20.0/24
>>> 192.168.21.0/24
>>> 192.168.22.0/24
>>> 192.168.23.0/24
>>>
>>> So we can use either ways as below
>>>
>>> access-list 1 permit 192.168.20.0 0.0.3.0
>>> or
>>> access-list 1 permit 192.168.20.0 0.0.3.255
>>>
>>> The result is going to be the same but which way should be right in
>> the
>>> lab.
>>> Any comments would be appreciate.
>>>
>>> Thanks,
>>> Montiean
>>>
>>>
>>
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3