RE: help with complex wildcard masks

From: Wilson, Ryan # Atlanta (Ryan.Wilson@relayhealth.com)
Date: Sat Oct 13 2007 - 14:10:24 ART


Me too. I think I figured it out, but it took me way too long. A fast
solution would be nice.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Cecil Wilson
Sent: Saturday, October 13, 2007 10:23 AM
To: Eric Dobyns; Kenta Watai
Cc: Clay K Auch (clauch); Joseph Brunner; Cisco certification
Subject: RE: help with complex wildcard masks

Hello GS
  I have been following this thread, but still don't get it. I can do
AND, XOR, but is there a way to mark the subnet that needs to be denied
in order to permit other subnets, while denying the subnet in question,
and NOT use deny statements? Can someone explain how to do it or point
me to a good link?
Thanks for all the help!

Cecil G. Wilson
IT Network Services
Office: (901) 215-2710
Cell: (901) 601-6201
VoIP 104-2710
FLEX Logistics
cecil.wilson@flextronics.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Eric Dobyns
Sent: Thursday, October 11, 2007 6:27 PM
To: 'Kenta Watai'
Cc: 'Clay K Auch (clauch)'; 'Joseph Brunner'; 'Cisco certification'
Subject: RE: help with complex wildcard masks

Question doesn't allow deny statements. Only permits.

-----Original Message-----
From: Kenta Watai [mailto:kkwatai@gmail.com]
Sent: Thursday, October 11, 2007 6:21 PM
To: Eric Dobyns
Cc: 'Clay K Auch (clauch)'; 'Joseph Brunner'; 'Cisco certification'
Subject: Re: help with complex wildcard masks

Catch the exceptions first and then whack it.

deny 10.0.0.0 0.0.0.255
permit 10.248.0.0 0.0.0.255
deny 10.248.0.0 0.7.255.255
permit 10.0.0.0 0.255.255.255

Please comment.

Thank you
Kenta

Eric Dobyns wrote:
> Taking a stab at it... someone sing out if they have a better idea...
>
> You first want to permit 10.1.0.0/16 - 10.20.0.0/16
>
> Permit ip 10.1.0.0 0.0.255.255 (permits 10.1.0.0/16)
> Permit ip 10.2.0.0 0.1.255.255 (permits 10.2.0.0/16 - 10.3.0.0/16)
> Permit ip 10.4.0.0 0.3.255.255 (permits 10.4.0.0/16 - 10.7.0.0/16)
> Permit ip 10.8.0.0 0.7.255.255 (permits 10.8.0.0/16 - 10.15.0.0/16)
> Permit ip 10.16.0.0 0.3.255.255 (permits 10.16.0.0/16 - 10.19.0.0/16)
> Permit ip 10.20.0.0 0.0.255.255 (permits 10.20.0.0/16)
>
> The first part would have been easier if they had allowed 10.0.0.0/16
> to be permitted, but since they said start with 10.1.0.0/24, it got
> more tricky.
>
> Part 2 is the 10.21.0.0/16 subnet, minus 10.21.1.0/24.
>
> Permit ip 10.21.0.0 0.0.0.255 (permits 10.21.0.0/24)
> Permit ip 10.21.2.0 0.0.1.255 (permits 10.21.2-3.0/24)
> Permit ip 10.21.4.0 0.0.3.255 (permits 10.21.4-7.0/24)
> Permit ip 10.21.8.0 0.0.7.255 (permits 10.21.8-15.0/24)
> Permit ip 10.21.16.0 0.0.15.255 (permits 10.21.16-31.0/24)
> Permit ip 10.21.32.0 0.0.31.255 (permits 10.21.32-63.0/24)
> Permit ip 10.21.64.0 0.0.63.255 (permits 10.21.64-127.0/24)
> Permit ip 10.21.128.0 0.0.127.255 (permits 10.21.128-255.0/24)
>
> Part 3 is the 10.22.0.0/16 - 10.127.0.0/16
>
> Permit ip 10.22.0.0 0.0.1.255 (permits 10.22.0.0/16 and 10.23.0.0/16)
> Permit ip 10.24.0.0 0.0.7.255 (permits 10.24.0.0/16 through 10.31.0.0/16)
> Permit ip 10.32.0.0 0.0.31.255 (permits 10.32.0.0/16 through 10.63.0.0/16)
> Permit ip 10.64.0.0 0.0.63.255 (permits 10.64.0.0/16 through 10.127.0.0/16)
>
> Part 4 is the first subnets of 10.128.0.0/16
>
> Permit ip 10.128.0.0 0.0.15.255 (permits 10.128.0.0/24 through 10.128.15.0/24)
> Permit ip 10.128.16.0 0.0.0.255 (permits 10.128.16.0/24)
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Clay K Auch (clauch)
> Sent: Thursday, October 11, 2007 3:18 PM
> To: Joseph Brunner; Cisco certification
> Subject: RE: help with complex wildcard masks
>
> Hey man,
>
> Did you ever figure out that wildcard problem from about a week or so
> back?
>
> Clay
>
> -----Original Message-----
> From: Joseph Brunner [mailto:joe@affirmedsystems.com]
> Sent: Monday, October 01, 2007 10:50 PM
> To: Clay K Auch (clauch); 'Cisco certification'
> Subject: RE: help with complex wildcard masks
>
> I agree, I was referring to that link when I said I knew how to do
> those tasks in that link.
>
> This link has not yet yielded a strategy to tackle questions like this
> one...
>
> "Permit 10.1.0.0/24 through 10.128.16.0/24. Do not permit
> 10.21.1.0/24. Do not use any deny statements. Use as few lines as
> possible, yada yada yada."
>
> See?
>
> Help :(
>
> -----Original Message-----
> From: Clay K Auch (clauch) [mailto:clauch@cisco.com]
> Sent: Monday, October 01, 2007 10:49 PM
> To: Joseph Brunner; Cisco certification
> Subject: RE: help with complex wildcard masks
>
>
> Hello Joseph,
>
> I highly recommend this link below. They have laid out the information
> in such a way that allows you to understand it by the end of the read.
>
> http://www.internetworkexpert.com/resources/01700370.htm
>
> Enjoy!
>
> Clay
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Joseph Brunner
> Sent: Monday, October 01, 2007 9:08 PM
> To: 'Cisco certification'
> Subject: help with complex wildcard masks
>
> Good evening (or morning/afternoon if you are east of ZULU time),
>
>
>
> I was wondering if someone can point me to a good source of
> information for calculating complex wild card masks. I'm very
> fast/accurate at anding/xoring a few IP addresses and coming up with
> an IP address and a discontinuous-ones wild card mask to permit
> several addresses on one acl line thanks to the Brians' nice paper we
> all see here often. I'm more interested in things like this.
this.
>
>
>
> Match 10.0.1.0/24 through 10.248.0.0/24 in as few acl lines as
> possible.
>
>
>
> What is the trick to calculation of the wild card masks? I often see
> weird answers here and there that won't match a few subnets from that
> group (say 3), then they bundle them in to make 4 or 5 lines to solve
> the above question.
>
>
>
> I would really appreciate some direction here.
>
>
>
> Thanks,
>
>
>
> Joseph Brunner
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
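
The permit-only question quoted in this thread (10.1.0.0/24 through 10.128.16.0/24, minus 10.21.1.0/24) can be worked mechanically and then checked against every /24 in 10.0.0.0/8. This is an added example, not code from any poster in the thread; the function names are hypothetical, and it assumes contiguous wildcard masks only, so a discontiguous-mask solution may need fewer lines.

```python
import ipaddress

def permit_only_acl(first, last, excluded=()):
    """Permit-only (network, wildcard) lines for first..last minus excluded."""
    lo = ipaddress.ip_network(first)[0]    # first address of the range
    hi = ipaddress.ip_network(last)[-1]    # last address of the range
    blocks = list(ipaddress.summarize_address_range(lo, hi))
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for b in blocks:
            if ex.subnet_of(b):
                kept.extend(b.address_exclude(ex))  # split b around the hole
            elif not b.subnet_of(ex):
                kept.append(b)                      # untouched by the hole
        blocks = kept
    return [(str(b.network_address), str(b.hostmask)) for b in sorted(blocks)]

def compile_acl(acl):
    """Turn (network, wildcard) strings into (value, care-bits) integers."""
    ip = lambda s: int(ipaddress.ip_address(s))
    return [(ip(n), ~ip(w) & 0xFFFFFFFF) for n, w in acl]

def acl_permits(addr, compiled):
    """Wildcard match: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.ip_address(addr))
    return any(((a ^ n) & care) == 0 for n, care in compiled)

def mismatched_subnets(acl, first, last, excluded=()):
    """Every /24 in 10.0.0.0/8 where the ACL disagrees with the requirement.

    Checking each /24's network address is enough here because no generated
    line is more specific than a /24.
    """
    lo, hi = ipaddress.ip_network(first), ipaddress.ip_network(last)
    holes = set(map(ipaddress.ip_network, excluded))
    compiled = compile_acl(acl)
    bad = []
    for s in ipaddress.ip_network("10.0.0.0/8").subnets(new_prefix=24):
        wanted = lo <= s <= hi and s not in holes
        if acl_permits(s.network_address, compiled) != wanted:
            bad.append(str(s))
    return bad

if __name__ == "__main__":
    # Requirement as quoted in the thread.
    req = ("10.1.0.0/24", "10.128.16.0/24", ["10.21.1.0/24"])
    acl = permit_only_acl(*req)
    for net, wild in acl:
        print(f"permit {net} {wild}")
    print(len(acl), "lines; mismatched /24s:", mismatched_subnets(acl, *req))
```

The same `mismatched_subnets` check can be pointed at any hand-written permit list to find the /24s it misses or over-permits.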



This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:14 ART