From: Kenta Watai (kkwatai@gmail.com)
Date: Thu Oct 11 2007 - 20:21:11 ART
Catch the exceptions first and then whack it.
deny 10.0.0.0 0.0.0.255
permit 10.248.0.0 0.0.0.255
deny 10.248.0.0 0.7.255.255
permit 10.0.0.0 0.255.255.255
Please comment.
Thank you
Kenta
Eric Dobyns wrote:
> Taking a stab at it... someone sing out if they have a better idea...
>
> You first want to permit 10.1.0.0/16 - 10.20.0.0/16
>
> Permit ip 10.1.0.0 0.0.255.255 (permits 10.1.0.0/16)
> Permit ip 10.2.0.0 0.1.255.255 (permits 10.2.0.0/16 - 10.3.0.0/16)
> Permit ip 10.4.0.0 0.3.255.255 (permits 10.4.0.0/16 - 10.7.0.0/16)
> Permit ip 10.8.0.0 0.7.255.255 (permits 10.8.0.0/16 - 10.15.0.0/16)
> Permit ip 10.16.0.0 0.3.255.255 (permits 10.16.0.0/16 - 10.19.0.0/16)
> Permit ip 10.20.0.0 0.0.255.255 (permits 10.20.0.0/16)
>
> The first part would have been easier if they had allowed 10.0.0.0/16 to be
> permitted, but since they said start with 10.1.0.0/24, it got more tricky.
>
> Part 2 is the 10.21.0.0/16 subnet, minus 10.21.1.0/24.
>
> Permit ip 10.21.0.0 0.0.0.255 (permits 10.21.0.0/24)
> Permit ip 10.21.2.0 0.0.1.255 (permits 10.21.2-3.0/24)
> Permit ip 10.21.4.0 0.0.3.255 (permits 10.21.4-7.0/24)
> Permit ip 10.21.8.0 0.0.7.255 (permits 10.21.8-15.0/24)
> Permit ip 10.21.16.0 0.0.15.255 (permits 10.21.16-31.0/24)
> Permit ip 10.21.32.0 0.0.31.255 (permits 10.21.32-63.0/24)
> Permit ip 10.21.64.0 0.0.63.255 (permits 10.21.64-127.0/24)
> Permit ip 10.21.128.0 0.0.127.255 (permits 10.21.128-255.0/24)
>
> Part 3 is the 10.22.0.0/16 - 10.127.0.0/16
>
> Permit ip 10.22.0.0 0.0.1.255 (permits 10.22.0.0/16 and 10.23.0.0/16)
> Permit ip 10.24.0.0 0.0.7.255 (permits 10.24.0.0/16 through 10.31.0.0/16)
> Permit ip 10.32.0.0 0.0.31.255 (permits 10.32.0.0/16 through 10.63.0.0/16)
> Permit ip 10.64.0.0 0.0.63.255 (permits 10.64.0.0/16 through 10.127.0.0/16)
>
> Part 4 is the first subnets of 10.128.0.0/16
> Permit ip 10.128.0.0 0.0.15.255 (permits 10.128.0.0/24 through
> 10.128.15.0/24)
> Permit ip 10.128.16.0 0.0.0.255 (permits 10.128.16.0/24)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Clay
> K Auch (clauch)
> Sent: Thursday, October 11, 2007 3:18 PM
> To: Joseph Brunner; Cisco certification
> Subject: RE: help with complex wildcard masks
>
> Hey man,
>
> Did you ever figure out that wildcard problem from about a week or so back?
>
> Clay
>
> -----Original Message-----
> From: Joseph Brunner [mailto:joe@affirmedsystems.com]
> Sent: Monday, October 01, 2007 10:50 PM
> To: Clay K Auch (clauch); 'Cisco certification'
> Subject: RE: help with complex wildcard masks
>
> I agree, I was referring to that link when I said I knew how to do those
> tasks in that link.
>
> This link has not yet yielded a strategy to tackle questions like this one...
>
> "Permit 10.1.0.0/24 through 10.128.16.0/24. Do not permit 10.21.1.0/24. Do
> not use any deny statements. Use as few lines as possible, yada yada yada."
>
> See?
>
> Help :(
>
> -----Original Message-----
> From: Clay K Auch (clauch) [mailto:clauch@cisco.com]
> Sent: Monday, October 01, 2007 10:49 PM
> To: Joseph Brunner; Cisco certification
> Subject: RE: help with complex wildcard masks
>
>
> Hello Joseph,
>
> I highly recommend this link below. They have laid out the information in
> such a way that allows you to understand it by the end of the read.
>
> http://www.internetworkexpert.com/resources/01700370.htm
>
> Enjoy!
>
> Clay
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joseph Brunner
> Sent: Monday, October 01, 2007 9:08 PM
> To: 'Cisco certification'
> Subject: help with complex wildcard masks
>
> Good evening (or morning/afternoon if you are east of ZULU time),
>
>
>
> I was wondering if someone can point me to a good source of information for
> calculating complex wild card masks. I'm very fast/accurate at
> anding/xoring a few IP addresses and coming up with an IP address and a
> discontinuous-ones wild card mask to permit several addresses on one acl
> line thanks to the Brians' nice paper we all see here often. I'm more
> interested in things like this.
>
>
>
> Match 10.0.1.0/24 through 10.248.0.0/24 in as few acl lines as possible.
>
>
>
> What is the trick to calculation of the wild card masks? I often see weird
> answers here and there that won't match a few subnets from that group (say
> 3), then they bundle them in to make 4 or 5 lines to solve the above
> question.
>
>
>
> I would really appreciate some direction here.
>
>
>
> Thanks,
>
>
>
> Joseph Brunner
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:14 ART
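
Added example, not part of the original thread: a small Python checker that evaluates an ACL with first-match semantics and the implicit deny, then compares it with the intended /24 range from the original question (10.0.1.0/24 through 10.248.0.0/24). The function names and the choice of 10.0.0.0/8 as the audited universe are assumptions made for this example.

```python
import ipaddress

# The four ACL lines from the top post; evaluated top-down, first match wins.
KENTA_ACL = """\
deny 10.0.0.0 0.0.0.255
permit 10.248.0.0 0.0.0.255
deny 10.248.0.0 0.7.255.255
permit 10.0.0.0 0.255.255.255
"""

def parse_acl(text):
    """Return [(action, address_int, wildcard_int)] from 'action addr wildcard' lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, addr, wild = line.split()
        if action.lower() not in ("permit", "deny"):
            raise ValueError("unknown action: " + line)
        a, w = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))
        if (w & 0xFF) != 0xFF:  # the audit below works at /24 granularity
            raise ValueError("entry does not cover whole /24s: " + line)
        entries.append((action.lower(), a, w))
    return entries

def permits(entries, ip):
    """First-match evaluation, ending with the implicit deny of every ACL."""
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def audit(acl_text, first, last, universe="10.0.0.0/8"):
    """Return (missed, extra) /24s relative to the intended range first..last."""
    entries = parse_acl(acl_text)
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    missed, extra = [], []
    for net in ipaddress.ip_network(universe).subnets(new_prefix=24):
        ip = int(net.network_address)
        wanted, allowed = lo <= ip <= hi, permits(entries, ip)
        if wanted and not allowed:
            missed.append(str(net))
        elif allowed and not wanted:
            extra.append(str(net))
    return missed, extra
```

Calling `audit(KENTA_ACL, "10.0.1.0", "10.248.0.0")` returns two empty lists when the ACL matches the requirement exactly; moving the broad permit to the top makes the exception lines unreachable and they show up in `extra`.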