RE: doubt regarding odd and even routes

The term route was used, so I assume this means allows the 192.168.1.0/24 and 192.168.3.0/24. To me, this means that the ACL would then be:

permit 192.168.1.0 0.0.2.0.

The example below does allow all hosts through, but depending on exactly how the question is worded, it might not be the most precise solution. When it comes to lab day, precision is key.

-ryan

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Molomo
Sent: Wednesday, July 22, 2009 5:47 AM
To: Raghav Bhargava
Cc: ccie_at_reid.it; Cisco certification
Subject: Re: doubt regarding odd and even routes

Raghav,

If you take only third octet in binary,

1 = 0000 0001
3 = 0000 0011

The only bit that is chaning is the second right most, so if you make
that bit 1 and the rest zeros you get 0000 0010 , which is 2 in
decimal and that gives you the wildcard . For the network part you
must AND the two binary numbers

AND
   0000 0001
   0000 0011

= 0000 0001

then you get,

 pernit 192.168.1.0 0.0.2.255, to match hosts only from those two networks.

HTH

Molomo

On 7/22/09, Raghav Bhargava <raghavbhargava12_at_gmail.com> wrote:
> Hi andy,,
>
> Thank you very much for your explanation. But in my case if I have to allow
> only the 2 subnets i.e 192.168.1.1 and 192.168.3.1
> then this ACL works for me.
>
> ip access-list standard r1-r2
> permit 192.168.1.0 0.0.2.255
>
> Now I basically want to knw about the number 2 in the subnet mask that is
> being used. I got confused in that.
>
> thanks for all you help..
> raghav
>
>
> On Tue, Jul 21, 2009 at 11:24 PM, Andy Reid <ccie_at_reid.it> wrote:
>
>> Hi Raghav,
>>
>> The 254 within the wildcard bits 3rd octet is saying that we don't care
>> about the first 7 bits within that octet, but the last bit we do care
>> about.
>> Whether that last bit is a zero or a one will determine what group it fits
>> into.
>>
>> access-list 1 permit 192.168.0.0 0.0.254.255
>> Access list 1 will permit all the even subnets: 192.168.2.1, 192.168.4.1,
>> 192.168.6.1
>>
>> access-list 2 permit 192.168.1.0 0.0.254.255
>> Access list 2 will permit all the odd subnets: 192.168.1.1, 192.168.3.1,
>> 192.168.5.1
>>
>> The key point to remember is that wildcard bits are not the same as taking
>> the inverse of a subnet mask. If you reduce the interesting octet down to
>> pure bits and draw it out on a scrap piece of paper it should make more
>> sense.
>>
>> Of course, if you only want to allow two IP subnets through, and not a
>> group of IP subnets, then the access list could be simply:
>> access-list 3 permit 192.168.1.0 0.0.0.255
>> access-list 3 permit 192.168.3.0 0.0.0.255
>>
>> regards Andy
>>
>>
>> Raghav Bhargava wrote:
>>
>>> Hi Experts,
>>>
>>> Once again a simple question but I just got confused .
>>>
>>> Lets say we have the following routes on R1
>>>
>>> 192.168.1.1
>>> 192.168.2.1
>>> 192.168.3.1
>>> 192.168.4.1
>>> 192.168.5.1
>>> 192.168.6.1
>>>
>>> Now lets say i want only 192.168.1.1 and 192.168.3.1 on R2
>>>
>>> so can i say the access-list will be something like this
>>>
>>> ip access-list standard r1-r2
>>> permit 192.168.1.0 0.0.254.255
>>>
>>> OR will it be
>>>
>>> ip access-list standard r1-r2
>>> permit 192.168.1.0 0.0.2.255
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
> --
> Warm Regards
> Raghav
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 22 2009 - 08:30:11 ART