Re: Wildcard mask

From: Matt Bentley (mattdbentley@gmail.com)
Date: Sat Feb 23 2008 - 15:05:33 ARST

• Next message: John: "Re: BGP-WEIGHT"
• Previous message: Alexandre Ribeiro: "Re: test - can't post!!!"
• Maybe in reply to: Rods Rods2: "Wildcard mask"
• Next in thread: Rich Collins: "Re: Wildcard mask"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Rod:

Yes, I believe that is correct. Here is my understanding.

The non-mask part of an ACL specifies basically the "starting" location for
the range specified by the wildcard.

Here is how I think of it.

1.1.1.0 0.0.0.255

The first three zeros in the mask specify that you can have a variance of
"0" - meaning those octets must match exactly. The four octet specifies a
variance of 255 from the starting point (in this case 0) - so the fourth
octet can be anything 0 to 255.

In your case:

access-list 10 permit 192.168.5.0 0.0.8.255
access-list 10 permit 192.168.10.0 0.0.4.255

The first line specifies an exact match for the first octets, a range of 8
from the starting point (5) , and a fourth octet equal to anything. This
takes care of the 5 and 13

The second line specifies an exact match for the first two octets, a range
from 10-14 in the third octet, and a value of anything for the fourth
octet.

In these cases, the entire range - from 5-14 in the third octet would be
permitted. To only allow those exact matches, I don't think it would be
possible without four separate exact matches in an ACL.

HTH

Matt Bentley

On Thu, Feb 21, 2008 at 9:56 PM, Rods Rods2 <rods1234@hotmail.com> wrote:

> Hello masters.
>
> I am getting confusing studying some kinds of wildcard masks. I understand
> well the tradional wildcard mask for VLSM, but others are very weird.
> I would like to know how to calculate this masks, as example:
> How to only permit routes that the third octect is 5, 10, 13, 14 using
> only
> two ACL. (Net 192.168.x.0) ?
>
> I got the answer from a book:
>
> access-list 10 permit 192.168.5.0 0.0.8.255
> access-list 10 permit 192.168.10.0 0.0.4.255
>
> How to get that answer? I really didn't undestand. Is that rigth ?
>
> Thanks in advance.
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

• Next message: John: "Re: BGP-WEIGHT"
• Previous message: Alexandre Ribeiro: "Re: test - can't post!!!"
• Maybe in reply to: Rods Rods2: "Wildcard mask"
• Next in thread: Rich Collins: "Re: Wildcard mask"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:49 ARST