Hi Raghav,
The 254 within the wildcard bits 3rd octet is saying that we don't care
about the first 7 bits within that octet, but the last bit we do care
about. Whether that last bit is a zero or a one will determine what
group it fits into.
access-list 1 permit 192.168.0.0 0.0.254.255
Access list 1 will permit all the even subnets: 192.168.2.1,
192.168.4.1, 192.168.6.1
access-list 2 permit 192.168.1.0 0.0.254.255
Access list 2 will permit all the odd subnets: 192.168.1.1, 192.168.3.1,
192.168.5.1
The key point to remember is that wildcard bits are not the same as
taking the inverse of a subnet mask. If you reduce the interesting octet
down to pure bits and draw it out on a scrap piece of paper it should
make more sense.
Of course, if you only want to allow two IP subnets through, and not a
group of IP subnets, then the access list could be simply:
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
regards Andy
Raghav Bhargava wrote:
> Hi Experts,
>
> Once again a simple question but I just got confused .
>
> Lets say we have the following routes on R1
>
> 192.168.1.1
> 192.168.2.1
> 192.168.3.1
> 192.168.4.1
> 192.168.5.1
> 192.168.6.1
>
> Now lets say i want only 192.168.1.1 and 192.168.3.1 on R2
>
> so can i say the access-list will be something like this
>
> ip access-list standard r1-r2
> permit 192.168.1.0 0.0.254.255
>
> OR will it be
>
> ip access-list standard r1-r2
> permit 192.168.1.0 0.0.2.255
Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 22 2009 - 14:24:18 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART