RE: help with complex wildcard masks

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Tue Oct 02 2007 - 19:06:33 ART


Nope. That is not the answer...

I'm working out a strategy now... it's painful and crazy this isn't tackled
anywhere... I'm going to learn to make shoes and toothbrushes after this,
that's how I feel.

If you XOR the first address you want to match and prefix in binary with
the ADDRESS you DON'T want to match and that prefix in binary, you start to
see a pattern... It will come to me with practice.

For me an acceptable solution will take 60 seconds every time, always be
accurate, using the least # of lines, and allow for up to 3 exceptions to
the permit any in this range rule.

Joseph "Still stuck on wacky complex wildcard masks" Brunner

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Clay
K Auch (clauch)
Sent: Tuesday, October 02, 2007 5:33 PM
To: Joseph Brunner; Cisco certification
Subject: RE: help with complex wildcard masks

Joe,

Sorry about that ... Knee-jerk type reaction. I am working on the solution
as well ... For I have also had many hours of fun with these sort of tasks
(and obviously continue to do so):<grin>

I am taking a stab ... But, below is what I believe the answer is (please
correct if I am missing something .. Have not been sleeping a lot lately):

        access-list 1 permit 10.1.0.0 0.31.255.255
        access-list 1 permit 10.21.2.0 0.127.239.255

Wow ... Brain fart today ...

Have not lab'd this one up yet. What did you come up with?

Clay
  
-----Original Message-----
From: Joseph Brunner [mailto:joe@affirmedsystems.com]
Sent: Monday, October 01, 2007 10:50 PM
To: Clay K Auch (clauch); 'Cisco certification'
Subject: RE: help with complex wildcard masks

I agree, I was referring to that link when I said I knew how to do those
tasks in that link.

This link has not yet yielded a strategy to tackle questions like this one...

"Permit 10.1.0.0/24 through 10.128.16.0/24. Do not permit 10.21.1.0/24. Do
not use any deny statements. Use as few lines as possible, yada yada yada."

See?

Help :(

-----Original Message-----
From: Clay K Auch (clauch) [mailto:clauch@cisco.com]
Sent: Monday, October 01, 2007 10:49 PM
To: Joseph Brunner; Cisco certification
Subject: RE: help with complex wildcard masks

Hello Joseph,

I highly recommend this link below. They have laid out the information in
such a way that allows you to understand it by the end of the read.

http://www.internetworkexpert.com/resources/01700370.htm

Enjoy!

Clay
 
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joseph Brunner
Sent: Monday, October 01, 2007 9:08 PM
To: 'Cisco certification'
Subject: help with complex wildcard masks

Good evening (or morning/afternoon if you are east of ZULU time),

 

I was wondering if someone can point me to a good source of information for
calculating complex wild card masks. I'm very fast/accurate at
anding/xoring a few IP addresses and coming up with an IP address and a
discontinuous-ones wild card mask to permit several addresses on one acl
line thanks to the Brians's nice paper we all see here often. I'm more
interested in things like this.

 

Match 10.0.1.0/24 through 10.248.0.0/24 in as few acl lines as possible.

 

What is the trick to calculation of the wild card masks? I often see weird
answers here and there that won't match a few subnets from that group (say
3), then they bundle them in to make 4 or 5 lines to solve the above
question.

 

I would really appreciate some direction here.

 

Thanks,

 

Joseph Brunner
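
Added example, not written by anyone in this thread: a small Python checker for address/wildcard ACL lines. It evaluates the two lines posted above against the addresses named in the task, shows the XOR of a wanted and an unwanted address, and builds a single-line summary by OR-ing XOR differences. Function names are hypothetical and the list passed to summarize() is constructed sample data.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    return str(ipaddress.IPv4Address(value))

def matches(addr, base, wildcard):
    """True if addr matches the ACL line 'base wildcard'.
    Wildcard bit 0 = must equal base, 1 = don't care."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care == 0

def permitted(addr, acl):
    """Permit-only ACL: any matching line permits, otherwise implicit deny."""
    return any(matches(addr, base, wc) for base, wc in acl)

def differing_bits(a, b):
    """XOR of two addresses: the bit positions where they differ.
    A line can exclude b only if it cares about at least one of them."""
    return to_str(to_int(a) ^ to_int(b))

def summarize(addrs):
    """One base/wildcard pair covering every address in addrs, plus the
    number of extra addresses that line matches beyond those listed."""
    values = [to_int(a) for a in addrs]
    wildcard = 0
    for v in values[1:]:
        wildcard |= v ^ values[0]  # any bit that ever differs becomes don't-care
    base = values[0] & ~wildcard & 0xFFFFFFFF
    matched = 2 ** bin(wildcard).count("1")
    return to_str(base), to_str(wildcard), matched - len(set(values))

# The two lines proposed in the thread.
THREAD_ACL = [("10.1.0.0", "0.31.255.255"), ("10.21.2.0", "0.127.239.255")]

def check_thread_acl():
    """Evaluate the addresses named in the task against THREAD_ACL."""
    named = ("10.1.0.0", "10.21.1.0", "10.128.16.0")
    return {a: permitted(a, THREAD_ACL) for a in named}

if __name__ == "__main__":
    print(check_thread_acl())
    print(differing_bits("10.1.0.0", "10.21.1.0"))
    print(summarize(["10.1.0.0", "10.5.0.0", "10.9.0.0"]))  # constructed sample
```

The extra-address count from summarize() is the over-match a single discontiguous-mask line brings with it; when it is not zero, the set has to be split across more lines.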



This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:11 ART