Re: doubt regarding odd and even routes from Raghav Bhargava on 2009-07-22 (Ccielab archives 07/2009)

From: Raghav Bhargava <raghavbhargava12_at_gmail.com>
Date: Tue, 21 Jul 2009 23:27:46 -0700

Hi andy,,

Thank you very much for your explanation. But in my case if I have to allow
only the 2 subnets i.e 192.168.1.1 and 192.168.3.1
then this ACL works for me.

ip access-list standard r1-r2
permit 192.168.1.0 0.0.2.255

Now I basically want to knw about the number 2 in the subnet mask that is
being used. I got confused in that.

thanks for all you help..
raghav

On Tue, Jul 21, 2009 at 11:24 PM, Andy Reid <ccie_at_reid.it> wrote:

> Hi Raghav,
>
> The 254 within the wildcard bits 3rd octet is saying that we don't care
> about the first 7 bits within that octet, but the last bit we do care about.
> Whether that last bit is a zero or a one will determine what group it fits
> into.
>
> access-list 1 permit 192.168.0.0 0.0.254.255
> Access list 1 will permit all the even subnets: 192.168.2.1, 192.168.4.1,
> 192.168.6.1
>
> access-list 2 permit 192.168.1.0 0.0.254.255
> Access list 2 will permit all the odd subnets: 192.168.1.1, 192.168.3.1,
> 192.168.5.1
>
> The key point to remember is that wildcard bits are not the same as taking
> the inverse of a subnet mask. If you reduce the interesting octet down to
> pure bits and draw it out on a scrap piece of paper it should make more
> sense.
>
> Of course, if you only want to allow two IP subnets through, and not a
> group of IP subnets, then the access list could be simply:
> access-list 3 permit 192.168.1.0 0.0.0.255
> access-list 3 permit 192.168.3.0 0.0.0.255
>
> regards Andy
>
>
> Raghav Bhargava wrote:
>
>> Hi Experts,
>>
>> Once again a simple question but I just got confused .
>>
>> Lets say we have the following routes on R1
>>
>> 192.168.1.1
>> 192.168.2.1
>> 192.168.3.1
>> 192.168.4.1
>> 192.168.5.1
>> 192.168.6.1
>>
>> Now lets say i want only 192.168.1.1 and 192.168.3.1 on R2
>>
>> so can i say the access-list will be something like this
>>
>> ip access-list standard r1-r2
>> permit 192.168.1.0 0.0.254.255
>>
>> OR will it be
>>
>> ip access-list standard r1-r2
>> permit 192.168.1.0 0.0.2.255
>>
>>
>>
>>
>>
>
>

-- 
Warm Regards
Raghav
Blogs and organic groups at http://www.ccie.net

Received on Tue Jul 21 2009 - 23:27:46 ART

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART