RE: Computing Access-List and Wildcard Pairs - Can I use the

From: Huan Pham (huan.pham@valuenet.com.au)
Date: Wed Jan 30 2008 - 04:21:22 ARST


Mohamed,

I just checked the Internetwork Expert link. It works out 10.0.0.0 /
0.36.0.0 as the ACL that matches the 4 prefixes. The context that I was
thinking of led to the ACL 10.0.0.0 / 0.36.255.255.

I guess both are OK, it just depends.

- Internetwork Expert refers to ACLs in the routing context, where they want to
match certain prefixes, where the subnet mask must be /16.

- In my previous email, I was referring to an ACL that matches traffic from these
4 subnet ranges, where the subnet mask is not relevant.

Cheers,
 
Huan

-----Original Message-----
From: Huan Pham [mailto:huan.pham@valuenet.com.au]
Sent: Wednesday, 30 January 2008 4:48 PM
To: 'Mohamed Radwan'; 'ccielab@groupstudy.com'
Subject: RE: Computing Access-List and Wildcard Pairs - Can I use the same
for Route Summarization ???

Mohamed,

This is an interesting question. My answer to this question is NO. The
fundamental difference between an ACL and a route prefix is

- A route prefix has a subnet mask in the format of 1111...111100...0 where
1111111 stands for subnet bits, 0000000 stands for the host portion, and they
have to be in contiguous positions.

- An ACL uses a wildcard mask, which can have a mix of 1 & 0 bits in any
position.

In your example 10.0.0.0 / 0.36.255.255 would match all 4 non-contiguous
subnets 10.0.0.0/16, 10.4.0.0/16, 10.32.0.0/16, 10.36.0.0/16.

On the other hand, you cannot use 10.0.0.0 / 255.219.0.0 as a summary
route. If you try to configure such a route, you will get a message as
below:

R1(config)#ip route 10.0.0.0 255.219.0.0 Fa0/0
%Inconsistent address and mask

Cheers,
 
Huan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mohamed Radwan
Sent: Tuesday, 29 January 2008 8:42 PM
To: ccielab@groupstudy.com
Subject: Computing Access-List and Wildcard Pairs - Can I use the same for
Route Summarization ???

Hello GS,

I went through the link below about Computing Access-List and Wildcard Pairs

http://www.internetworkexpert.com/resources/01700370.htm

I found it a really interesting document about how to find the most specific
address and wildcard pair that will match some addresses even if they are
not contiguous addresses. (i.e. 10.0.0.0/16, 10.4.0.0/16, 10.32.0.0/16,
10.36.0.0/16 )

What I need your advice on is: can I use the same concept for Route
Summarization?
I know that for route summarization the subnet mask must be a series of 1s
followed by a series of zeros and we can mix them through the subnet mask.

So please advise: if I want to create a summary route for the above example (
10.0.0.0/16, 10.4.0.0/16, 10.32.0.0/16, 10.36.0.0/16 ), how can I do it
without overlapping?

thanks in advance
Mohamed
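
Added example, not part of the original messages or of the Internetwork Expert document: Python that computes both address/wildcard pairs discussed in this thread for the four prefixes, lists any prefixes the pair matches beyond the ones requested, tests a mask for contiguity, and finds the smallest single contiguous prefix covering them. Function names are chosen for this example, and over_match assumes all prefixes share one prefix length.

```python
import ipaddress
from functools import reduce

PREFIXES = ["10.0.0.0/16", "10.4.0.0/16", "10.32.0.0/16", "10.36.0.0/16"]  # from the thread

def _ip(n):
    return str(ipaddress.IPv4Address(n))

def acl_pair(prefixes, include_host_bits=False):
    """Address/wildcard pair covering every prefix.
    False: compare network addresses only (route-matching context).
    True:  also wildcard each prefix's host bits (traffic-matching context)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    addrs = [int(n.network_address) for n in nets]
    base = reduce(lambda a, b: a & b, addrs)                      # bits set in all
    wild = reduce(lambda a, b: a | b, (a ^ base for a in addrs))  # bits that vary
    if include_host_bits:
        wild = reduce(lambda a, b: a | b, (int(n.hostmask) for n in nets), wild)
    return _ip(base), _ip(wild)

def over_match(prefixes):
    """Prefixes matched by the route-context pair that were not requested."""
    nets = {ipaddress.ip_network(p) for p in prefixes}
    plen = next(iter(nets)).prefixlen   # assumption: one shared prefix length
    base, wild = (int(ipaddress.IPv4Address(x)) for x in acl_pair(prefixes))
    bits = [1 << i for i in range(32) if (wild >> i) & 1]
    matched = set()
    for combo in range(1 << len(bits)):  # every setting of the wildcard bits
        val = base | sum(b for j, b in enumerate(bits) if (combo >> j) & 1)
        matched.add(ipaddress.ip_network((val, plen)))
    return sorted(matched - nets)

def is_contiguous_mask(mask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def covering_summary(prefixes):
    """Smallest single contiguous prefix that contains every input prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network(((lo >> (32 - plen)) << (32 - plen), plen))

if __name__ == "__main__":
    print(acl_pair(PREFIXES), acl_pair(PREFIXES, include_host_bits=True))
    print(over_match(PREFIXES), over_match(PREFIXES[:3]))
    print(is_contiguous_mask("255.219.0.0"), covering_summary(PREFIXES))
```

With only the first three prefixes the same pair results, so over_match reports 10.36.0.0/16 as matched but not requested; the single contiguous summary for all four is 10.0.0.0/10, which spans 64 /16 networks rather than 4.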



This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:38:02 ARST