access-list mask/wildcardmask calculation
From: Frank (ocsic@web.de)
Date: Wed Sep 13 2006 - 04:06:26 ART
Hi,
here is a source from IE for calculating ip access-list mask and
wildcardmasks.
http://www.internetworkexpert.com/resources/01700370.htm
I have a question regarding this .
I'm currently comparing my results and the ways described there and
calculations
are different from what i would setup the "normal" way.
Do you understand what i mean? Here is an example:
Two addresses that should be covered by an access-list.
192.168.32.5
192.168.48.99
The IE page says:
11000000 => 192
11000000 => 192
b�b�b�b�b�b�- AND
11000000 => 192
10101000 => 168
10101000 => 168
b�b�b�b�b�b� AND
10101000 => 168
00100000 => 32
00110000 => 48
b�b�b�b�b�b� AND
00100000 => 32
00000101 => 5
01100011 => 99
b�b�b�b�b�- AND
00000001 => 1
Resulting mask 192.168.32.1
Wildcardmask:
11000000 => 192
11000000 => 192
b�b�b�b�b�b�XOR
0000000 => 0
10101000 => 168
10101000 => 168
b�b�b�b�b�b�XOR
00000000 => 168
00100000 => 32
00110000 => 48
b�b�b�b�b�b�XOR
00010000 => 16
00000101 => 5
01100011 => 99
b�b�b�b�b�-XOR
01100110 => 102
Resulting wildcardmask: 0.0.16.102
So for the IP addresses
192.168.32.5
192.168.48.99
The mask for a matching access-list is 192.168.32.1 and the wildcardmask
is 0.0.16.102
ip access-list 1 permit 192.168.32.1 0.0.16.102
Is this the most optimal mask calculation?
But i would set up:
ip access-list 1 permit 192.168.32.0 0.0.31.255
To match the 192.168.32.0 subnet to 192.168.63.255 where i cover both ip
addresses.
What is the difference. Is the other result more opimal in just covering
these two addresses?
Frank
This archive was generated by hypermail 2.1.4
: Sun Oct 01 2006 - 16:55:40 ART