RE: ACL -- requirement

From: Shine Joseph (shinepjoseph@iprimus.com.au)
Date: Mon Apr 14 2008 - 14:12:03 ART


Abid,

Not that long ago, the same question appeared in the GS. Check in the
archive before posting questions. Most likely the question has already been
answered. My response to the same question is as follows:
========================================================

The key here is to convert the decimals into binary and we are interested
only in the third octet. So,
5 is 0000 0101
10 is 0000 1010
13 is 0000 1101
14 is 0000 1110

Since the question is specific about number of lines in the acl, group the
binary in such a way that it forms 2 groups with maximum matching of bit
positions.

Lines 1 and 2 mismatch in 2 positions
Lines 1 and 3 mismatch in 1 position
Lines 1 and 4 mismatch in 3 positions

The minimum mismatch is among lines 1 and 3.

0000 0101
0000 1101

The fourth bit position value in decimal is 8

Similarly, you can group the remaining 2 lines

0000 1010
0000 1110

Here, the third position is the only mismatch; its value in decimal is
4.

The acl entries must be

192.168.5.0 0.0.8.255 and
192.168.10.0 0.0.4.255

HTH
Shine
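
Added example, not part of the original thread: a short Python check of the XOR grouping described above, which also refuses any grouping whose wildcard would permit third octets outside the requested set. The function names (acl_matches, matched_third_octets, entry_for) are assumptions made for this illustration; the 192.168.x.0 networks and both masks come from the thread.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_matches(addr, base, wildcard):
    """IOS-style wildcard match: bits set in the wildcard are ignored,
    every other bit of addr must equal the same bit of base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def matched_third_octets(base, wildcard):
    """All x for which 192.168.x.0 is permitted by one ACL entry."""
    return [x for x in range(256)
            if acl_matches(f"192.168.{x}.0", base, wildcard)]

def entry_for(octets):
    """Build one entry covering exactly the given third octets.
    Raises ValueError if the don't-care bits would also permit other values."""
    wild = 0
    for o in octets:
        wild |= octets[0] ^ o          # each differing bit becomes don't-care
    base = octets[0] & ~wild & 0xFF    # clear the don't-care bits in the base
    covered = {x for x in range(256) if (x & ~wild & 0xFF) == base}
    extra = sorted(covered - set(octets))
    if extra:
        raise ValueError(f"{octets} would also permit third octets {extra}")
    return f"192.168.{base}.0", f"0.0.{wild}.255"

if __name__ == "__main__":
    # The two groupings from the thread
    for group in ([5, 13], [10, 14]):
        base, wc = entry_for(group)
        print(f"access-list 10 permit {base} {wc}  ->",
              matched_third_octets(base, wc))
    # Groupings that over-permit are rejected instead of silently widening the filter
    for group in ([5, 10], [5, 10, 13, 14]):
        try:
            entry_for(group)
        except ValueError as err:
            print("rejected:", err)
```
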

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Rods
Rods2
Sent: Friday, 22 February 2008 1:56 PM
To: ccielab@groupstudy.com
Subject: Wildcard mask

Hello masters.

I am getting confused studying some kinds of wildcard masks. I understand
well the traditional wildcard mask for VLSM, but others are very weird.
I would like to know how to calculate these masks, as an example:
How to only permit routes where the third octet is 5, 10, 13, 14 using only
two ACLs. (Net 192.168.x.0) ?

I got the answer from a book:

access-list 10 permit 192.168.5.0 0.0.8.255
access-list 10 permit 192.168.10.0 0.0.4.255

How to get that answer? I really didn't understand. Is that right?

Thanks in advance.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Aabid Saleem
Sent: Tuesday, 15 April 2008 1:10 AM
To: Cisco certification
Subject: ACL -- requirement

Hi,
I am new to this list.
I have a little confusion in creating an ACL for the network --

I am receiving multiple networks from a BGP peer from the range 192.168.0.0/16

As per the task I need to filter all but allow 192.168.5.0/24,
192.168.10.0/24, 192.168.13.0/24 and 192.168.14.0/24 using only a two
line ACL.
The catch is the two line ACL.

Please answer how it can be done for other scenarios; I need to
understand ACL implementation for any other question for the same reason.

Aabid




This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:51 ART