RE: help with complex wildcard masks

From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Fri Oct 12 2007 - 12:17:57 ART


Except that you denied the entire 10.21.0.0/16 and were supposed to only
deny 10.21.1.0/24.

Permit:

10.21.0.0/24
10.21.2.0/23
10.21.4.0/22
10.21.8.0/21
10.21.16.0/20
10.21.32.0/19
10.21.64.0/18
10.21.128.0/17

Rik

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Usankin, Andrew
Sent: Thursday, October 11, 2007 8:54 PM
To: Cisco certification
Subject: RE: help with complex wildcard masks

Ok, here is the question (sorry if I took it wrong, it wasn't clear from
e-mail):
"Permit 10.1.0.0/24 through 10.128.16.0/24.
 Do not permit 10.21.1.0/24.
 Do not use any deny statements.
 Use as few lines as possible."

And here is my answer:
permit following networks
10.1.0.0/16 (covers 10.1.0.0 through 10.1.255.255)
10.2.0.0/15 (covers 10.2.0.0 through 10.3.255.255)
10.4.0.0/14 (covers 10.4.0.0 through 10.7.255.255)
10.8.0.0/13 (covers 10.8.0.0 through 10.15.255.255)
10.16.0.0/14 (covers 10.16.0.0 through 10.19.255.255)
10.20.0.0/16 (covers 10.20.0.0 through 10.20.255.255)
10.22.0.0/15 (covers 10.22.0.0 through 10.23.255.255)
10.24.0.0/13 (covers 10.24.0.0 through 10.31.255.255)
10.32.0.0/11 (covers 10.32.0.0 through 10.63.255.255)
10.64.0.0/10 (covers 10.64.0.0 through 10.127.255.255)
10.128.0.0/20 (covers 10.128.0.0 through 10.128.15.255)
10.128.16.0/24 (covers 10.128.16.0 through 10.128.16.255)

Andrew.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Eric
Dobyns
Sent: Thursday, October 11, 2007 5:27 PM
To: 'Kenta Watai'
Cc: 'Clay K Auch (clauch)'; 'Joseph Brunner'; 'Cisco certification'
Subject: RE: help with complex wildcard masks

Question doesn't allow deny statements. Only permits.

-----Original Message-----
From: Kenta Watai [mailto:kkwatai@gmail.com]
Sent: Thursday, October 11, 2007 6:21 PM
To: Eric Dobyns
Cc: 'Clay K Auch (clauch)'; 'Joseph Brunner'; 'Cisco certification'
Subject: Re: help with complex wildcard masks

Catch the exceptions first and then whack it.

deny 10.0.0.0 0.0.0.255
permit 10.248.0.0 0.0.0.255
deny 10.248.0.0 0.7.255.255
permit 10.0.0.0 0.255.255.255

Please comment.

Thank you
Kenta

Eric Dobyns wrote:
> Taking a stab at it... someone sing out if they have a better idea...
>
> You first want to permit 10.1.0.0/16 - 10.20.0.0/16
>
> Permit ip 10.1.0.0 0.0.255.255 (permits 10.1.0.0/16)
> Permit ip 10.2.0.0 0.1.255.255 (permits 10.2.0.0/16 - 10.3.0.0/16)
> Permit ip 10.4.0.0 0.3.255.255 (permits 10.4.0.0/16 - 10.7.0.0/16)
> Permit ip 10.8.0.0 0.7.255.255 (permits 10.8.0.0/16 - 10.15.0.0/16)
> Permit ip 10.16.0.0 0.3.255.255 (permits 10.16.0.0/16 - 10.19.0.0/16)
> Permit ip 10.20.0.0 0.0.255.255 (permits 10.20.0.0/16)
>
> The first part would have been easier if they had allowed 10.0.0.0/16 to be
> permitted, but since they said start with 10.1.0.0/24, it got more tricky.
>
> Part 2 is the 10.21.0.0/16 subnet, minus 10.21.1.0/24.
>
> Permit ip 10.21.0.0 0.0.0.255 (permits 10.21.0.0/24)
> Permit ip 10.21.2.0 0.0.1.255 (permits 10.21.2-3.0/24)
> Permit ip 10.21.4.0 0.0.3.255 (permits 10.21.4-7.0/24)
> Permit ip 10.21.8.0 0.0.7.255 (permits 10.21.8-15.0/24)
> Permit ip 10.21.16.0 0.0.15.255 (permits 10.21.16-31.0/24)
> Permit ip 10.21.32.0 0.0.31.255 (permits 10.21.32-63.0/24)
> Permit ip 10.21.64.0 0.0.63.255 (permits 10.21.64-127.0/24)
> Permit ip 10.21.128.0 0.0.127.255 (permits 10.21.128-255.0/24)
>
> Part 3 is the 10.22.0.0/16 - 10.127.0.0/16
>
> Permit ip 10.22.0.0 0.1.255.255 (permits 10.22.0.0/16 and 10.23.0.0/16)
> Permit ip 10.24.0.0 0.7.255.255 (permits 10.24.0.0/16 through 10.31.0.0/16)
> Permit ip 10.32.0.0 0.31.255.255 (permits 10.32.0.0/16 through 10.63.0.0/16)
> Permit ip 10.64.0.0 0.63.255.255 (permits 10.64.0.0/16 through 10.127.0.0/16)
>
> Part 4 is the first subnets of 10.128.0.0/16
>
> Permit ip 10.128.0.0 0.0.15.255 (permits 10.128.0.0/24 through 10.128.15.0/24)
> Permit ip 10.128.16.0 0.0.0.255 (permits 10.128.16.0/24)
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Clay K Auch (clauch)
> Sent: Thursday, October 11, 2007 3:18 PM
> To: Joseph Brunner; Cisco certification
> Subject: RE: help with complex wildcard masks
>
> Hey man,
>
> Did you ever figure out that wildcard problem from about a week or so back?
>
> Clay
>
> -----Original Message-----
> From: Joseph Brunner [mailto:joe@affirmedsystems.com]
> Sent: Monday, October 01, 2007 10:50 PM
> To: Clay K Auch (clauch); 'Cisco certification'
> Subject: RE: help with complex wildcard masks
>
> I agree, I was referring to that link when I said I knew how to do
> those tasks in that link.
>
> This link has not yet yielded a strategy to tackle questions like this one...
>
> "Permit 10.1.0.0/24 through 10.128.16.0/24. Do not permit
> 10.21.1.0/24. Do not use any deny statements. Use as few lines as
> possible, yada yada yada."
>
> See?
>
> Help :(
>
> -----Original Message-----
> From: Clay K Auch (clauch) [mailto:clauch@cisco.com]
> Sent: Monday, October 01, 2007 10:49 PM
> To: Joseph Brunner; Cisco certification
> Subject: RE: help with complex wildcard masks
>
>
> Hello Joseph,
>
> I highly recommend this link below. They have laid out the information
> in such a way that allows you to understand it by the end of the read.
>
> http://www.internetworkexpert.com/resources/01700370.htm
>
> Enjoy!
>
> Clay
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Joseph Brunner
> Sent: Monday, October 01, 2007 9:08 PM
> To: 'Cisco certification'
> Subject: help with complex wildcard masks
>
> Good evening (or morning/afternoon if you are east of ZULU time),
>
>
>
> I was wondering if someone can point me to a good source of information for
> calculating complex wild card masks. I'm very fast/accurate at anding/xoring
> a few IP addresses and coming up with an IP address and a discontinuous-ones
> wild card mask to permit several addresses on one acl line thanks to the
> Brians' nice paper we all see here often. I'm more interested in things like
> this.
>
> Match 10.0.1.0/24 through 10.248.0.0/24 in as few acl lines as possible.
>
> What is the trick to calculation of the wild card masks? I often see
> weird answers here and there that won't match a few subnets from that
> group (say 3), then they bundle them in to make 4 or 5 lines to solve
> the above question.
>
>
>
> I would really appreciate some direction here.
>
>
>
> Thanks,
>
>
>
> Joseph Brunner
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:14 ART
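
Added example, not written by anyone in the thread: a Python check for the permit-only question discussed above ("Permit 10.1.0.0/24 through 10.128.16.0/24. Do not permit 10.21.1.0/24."). It builds a contiguous-mask permit list for the range with the hole cut out, then audits any list of (base, wildcard) entries against every /24 in 10.0.0.0/8. The function names are this example's own, and it only generates contiguous (prefix-style) wildcard masks, as the replies do.

```python
import ipaddress

def _n(s):
    return int(ipaddress.ip_address(s))

def permit_prefixes(first, last, excluded):
    """Contiguous prefixes covering first..last, minus the excluded network."""
    exc = ipaddress.ip_network(excluded)
    out = []
    for net in ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)):
        if exc.subnet_of(net):
            out.extend(net.address_exclude(exc))  # split the block around the hole
        elif not net.subnet_of(exc):
            out.append(net)
    return sorted(out)

def to_entry(net):
    """(base, wildcard) as typed on an ACL line; the wildcard is the inverted netmask."""
    net = ipaddress.ip_network(net)
    return str(net.network_address), str(net.hostmask)

def audit(entries, first, last, excluded):
    """Test every /24 in 10.0.0.0/8; return (wrongly_permitted, wrongly_dropped)."""
    acl = [(_n(b), _n(w)) for b, w in entries]
    lo, hi = _n(first), _n(last)
    exc = ipaddress.ip_network(excluded)
    x_lo, x_hi = int(exc.network_address), int(exc.broadcast_address)
    extra, missing = [], []
    for a in range(_n("10.0.0.0"), _n("10.255.255.0") + 1, 256):
        want = (lo <= a <= hi) and not (x_lo <= a <= x_hi)
        # Wildcard match: bits set in the wildcard are ignored, all others must agree.
        got = any(((a ^ b) & ~w & 0xFFFFFFFF) == 0 for b, w in acl)
        if got != want:
            (extra if got else missing).append(f"{ipaddress.ip_address(a)}/24")
    return extra, missing

if __name__ == "__main__":
    args = ("10.1.0.0", "10.128.16.255", "10.21.1.0/24")  # values from the thread
    entries = [to_entry(n) for n in permit_prefixes(*args)]
    for base, wild in entries:
        print(f"permit {base} {wild}")
    print(len(entries), "lines; audit:", audit(entries, *args))
```

The audit samples one address per /24, which is sufficient here because every mask under discussion leaves the last octet fully wildcarded.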