Re: question about ACL on a filter

From: Alexandre Ribeiro (alexandregomesribeiro@gmail.com)
Date: Sat Feb 23 2008 - 14:26:08 ARST


Hmm, I just answered this question (phrased differently) on another post.
Here it goes again:

The "trick" is to think in binary:

5 = 0000 0101
10 = 0000 1010
13 = 0000 1101
14 = 0000 1110

If you look at the binary representation of 5 and 13, you'll see that they
have the last three bits in common (101):

5 = 0000 0101
13 = 0000 1101

Therefore, if you have a wildcard where you don't care about the 4th bit
from the right, you'll match both 5 and 13. In a wildcard, a bit set to one
means that the router won't compare that bit against the prefix that you're
supplying. Therefore, if you have an ACL like:

access-list 10 permit 192.168.5.0 0.0.8.255

This means, translated to binary:

11000000.10101000.0000x101.xxxxxxxx where x represents a bit that you don't
want to compare. This will match 5 and 13 in the third octet, in the network
192.168.x.x.

The same reasoning can be applied to 10 and 14 (but here it's the third bit
from the right that you'll want to ignore).

HTH,
Alex

On Thu, Feb 21, 2008 at 10:15 PM, Snyder, Daniel P <DPSnyder@hammond.k12.in.us> wrote:

> Say I have the following networks...
>
> 192.168.0.0/24 - 192.168.15.0/24
>
> I need to make a filter on routes coming in. The router can only accept
> the following routes:
>
> 192.168.5.0
> 192.168.10.0
> 192.168.13.0
> 192.168.14.0
>
> The trick is it can only be a 2 line acl... Is this even possible??
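The bit-level reasoning in Alex's reply can be checked mechanically. The following script is an added example and is not part of the original mailing-list thread: it implements Cisco-style wildcard matching (a wildcard bit of 1 means "do not compare"), evaluates a two-line standard ACL with first-match and implicit-deny semantics over the third octets 0 through 15, and derives the base/wildcard pair for a set of octet values so you can see why {5, 13} and {10, 14} each fit one line while all four values together would need a wildcard that also admits the twelve unwanted networks. The ACL lines, function names and the range checked are assumptions made for the example; only the `192.168.5.0 0.0.8.255` line comes from the reply.

```python
import ipaddress

def wildcard_match(prefix: str, wildcard: str, address: str) -> bool:
    """Cisco wildcard semantics: compare only the bits where the wildcard is 0.

    A wildcard bit set to 1 tells the router to ignore that bit position,
    so the check is "prefix and address agree on every 0-bit of the wildcard".
    """
    p = int(ipaddress.IPv4Address(prefix))
    w = int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(address))
    care = (~w) & 0xFFFFFFFF          # bits the router does compare
    return (p & care) == (a & care)

def acl_permits(acl, address: str) -> bool:
    """Evaluate a standard ACL: first matching line wins, implicit deny at the end."""
    for action, prefix, wildcard in acl:
        if wildcard_match(prefix, wildcard, address):
            return action == "permit"
    return False

def permitted_third_octets(acl, lo: int = 0, hi: int = 15) -> list:
    """Return the third-octet values n in [lo, hi] for which 192.168.n.0 is permitted."""
    return [n for n in range(lo, hi + 1) if acl_permits(acl, f"192.168.{n}.0")]

def derive_wildcard(values) -> tuple:
    """For a set of octet values, compute the base value and wildcard that cover them.

    Bits that differ between any two members become 1 in the wildcard. The
    returned `covered` set shows every value the resulting line would admit,
    which exposes any unwanted matches the wildcard lets through.
    """
    values = set(values)
    ref = min(values)
    wildcard = 0
    for v in values:
        wildcard |= v ^ ref           # collect every bit position that varies
    base = ref & ~wildcard & 0xFF     # common bits only
    covered = {n for n in range(256) if (n & ~wildcard & 0xFF) == base}
    return base, wildcard, covered

# Constructed two-line ACL answering the original question (assumed, not from the thread):
# line 1 is the one quoted in the reply; line 2 applies the same idea to 10 and 14.
ROUTE_FILTER_ACL = [
    ("permit", "192.168.5.0", "0.0.8.255"),    # third octet 0000x101 -> 5, 13
    ("permit", "192.168.10.0", "0.0.4.255"),   # third octet 00001x10 -> 10, 14
]

if __name__ == "__main__":
    print("permitted third octets:", permitted_third_octets(ROUTE_FILTER_ACL))
    for group in ({5, 13}, {10, 14}, {5, 10, 13, 14}):
        base, wc, covered = derive_wildcard(group)
        print(f"{sorted(group)} -> 192.168.{base}.0 0.0.{wc}.255 covers {sorted(covered)}")
```

Running it lists exactly 5, 10, 13 and 14 as permitted, and the last `derive_wildcard` call shows that a single line covering all four values would need wildcard 15 in the third octet and therefore admit every network from 192.168.0.0 to 192.168.15.0, which is why two lines are the minimum.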



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:49 ARST