From: Alexandre Ribeiro (alexandregomesribeiro@gmail.com)
Date: Sat Feb 23 2008 - 14:22:38 ARST
The "trick" is to think in binary:
5 = 0000 0101
10 = 0000 1010
13 = 0000 1101
14 = 0000 1110
If you look at the binary representation of 5 and 13, you'll see that they
have the last three bits in common (101):
5 = 0000 0101
13 = 0000 1101
Therefore, if you have a wildcard where you don't care about the 4th bit
from the right, you'll match both 5 and 13. In a wildcard, a bit set to one
means that the router won't compare that bit against the prefix that you're
supplying. Therefore, if you have an ACL like:
access-list 10 permit 192.168.5.0 0.0.8.255
This means, translated to binary:
11000000.10101000.0000x101.xxxxxxxx where x represents a bit that you don't
want to compare. This will match 5 and 13 in the third octet, in the network
192.168.x.x.
The same reasoning can be applied to 10 and 14 (but here it's the third bit
from the right that you'll want to ignore).
HTH,
Alex
On Fri, Feb 22, 2008 at 2:56 AM, Rods Rods2 <rods1234@hotmail.com> wrote:
> Hello masters.
>
> I am getting confusing studying some kinds of wildcard masks. I understand
> well the tradional wildcard mask for VLSM, but others are very weird.
> I would like to know how to calculate this masks, as example:
> How to only permit routes that the third octect is 5, 10, 13, 14 using
> only
> two ACL. (Net 192.168.x.0) ?
>
> I got the answer from a book:
>
> access-list 10 permit 192.168.5.0 0.0.8.255
> access-list 10 permit 192.168.10.0 0.0.4.255
>
> How to get that answer? I really didn't undestand. Is that rigth ?
>
> Thanks in advance.
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:49 ARST