Re: ACL and Wildcard

From: Rob Clav <robclav_at_gmail.com>
Date: Wed, 8 Jun 2011 01:06:18 +0200

Hi David,
if you are required to use one without more conditions, then you can
even use 128.0.0.0 0.255.255.255.
As a second reflection, why do you say you are not matching both classes? You
do.
Robclav

2011/6/4 David W. Anderson Jr. <ccie.miami_at_gmail.com>

> Greetings Experts,
>
> I have an issue with ACLs and Wildcard matching. I have read Brian's INE
> explanation of how to calculate them (
> http://www.ine.com/resources/01700370.htm) and have used it often with no
> issue. However, I was working on a problem yesterday and was not getting a
> complete match as I expected. See below:
>
>
> Advertised networks
> 170.18.105.0
> 192.80.4.0
> 192.88.4.0
> 192.80.1.0
> 192.88.1.0
> 192.80.2.0
> 192.88.2.0
> 192.80.3.0
> 192.88.3.0
>
> Nets to match:
> Net 1 - 192.80.2.0
> Net 2 - 192.80.3.0
> Net 3 - 192.88.2.0
> Net 4 - 192.88.3.0
> Net 5 - 170.18.105.0
>
>
>
> Net 1 - 1 1 0 0 0 0 0 0 . 0 1 0 1 0 0 0 0 . 0 0 0 0 0 0 1 0 . 0 0 0 0 0 0 0 0
> Net 2 - 1 1 0 0 0 0 0 0 . 0 1 0 1 0 0 0 0 . 0 0 0 0 0 0 1 1 . 0 0 0 0 0 0 0 0
> Net 3 - 1 1 0 0 0 0 0 0 . 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 1 0 . 0 0 0 0 0 0 0 0
> Net 4 - 1 1 0 0 0 0 0 0 . 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 1 1 . 0 0 0 0 0 0 0 0
> Net 5 - 1 0 1 0 1 0 1 0 . 0 0 0 1 0 0 1 0 . 0 1 1 0 1 0 0 1 . 0 0 0 0 0 0 0 0
> AND     1 0 0 0 0 0 0 0   0 0 0 1 0 0 0 0   0 0 0 0 0 0 0 0   0 0 0 0 0 0 0 0   128.16.0.0
>
>
> Net 1 - 1 1 0 0 0 0 0 0 . 0 1 0 1 0 0 0 0 . 0 0 0 0 0 0 1 0 . 0 0 0 0 0 0 0 0
> Net 2 - 1 1 0 0 0 0 0 0 . 0 1 0 1 0 0 0 0 . 0 0 0 0 0 0 1 1 . 0 0 0 0 0 0 0 0
> Net 3 - 1 1 0 0 0 0 0 0 . 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 1 0 . 0 0 0 0 0 0 0 0
> Net 4 - 1 1 0 0 0 0 0 0 . 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 1 1 . 0 0 0 0 0 0 0 0
> Net 5 - 1 0 1 0 1 0 1 0 . 0 0 0 1 0 0 1 0 . 0 1 1 0 1 0 0 1 . 0 0 0 0 0 0 0 0
> XOR     0 1 1 0 1 0 1 0   0 1 0 0 1 0 1 0   0 1 1 0 1 0 1 1   0 0 0 0 0 0 0 0   106.74.107.255
>
> So the ACL I apply is access-list 10 permit 128.16.0.0 106.74.107.255
>
> The problem I am having is that the 192.80.1.0 and 192.88.1.0 networks are
> slipping through. Am I miscalculating something or are you not able to match
> different classes of addresses using this method? I'm pretty sure I've
> matched Class B and C before. BTW, the answer key is using two separate
> lines to get the desired results. I thought I would be able to use just one.
> I hope I've explained this clearly. Any guidance would be appreciated.
> Thanks.
>
> --
>
> David
> ccie.miami_at_gmail.com
> Lab Date 7/7/11 (Hopefully that date is a lucky one!)

-- 
Robert Clavero
CCIE RS/wr, CCNP, CCSP, CCSE NGX, SCSA 9, WLFES, BNP y JNCIA WX
blog:http://robclavbcn.blogspot.com
 web:http://www.kubsolutions.com
Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 08 2011 - 01:06:18 ART
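
Added example (not part of either message above): a Python check of the AND/XOR calculation from the quoted post. It tests the posted entry 128.16.0.0 106.74.107.255 against the advertised networks, counts how many /24s that entry permits, and repeats the calculation for the four 192.x networks alone. The function names are illustrative, and the match rule assumed is the usual one: an address matches when it equals the base in every bit where the wildcard is 0.

```python
import ipaddress

# Networks copied from the quoted post.
ADVERTISED = ["170.18.105.0", "192.80.4.0", "192.88.4.0", "192.80.1.0", "192.88.1.0",
              "192.80.2.0", "192.88.2.0", "192.80.3.0", "192.88.3.0"]
WANTED = ["192.80.2.0", "192.80.3.0", "192.88.2.0", "192.88.3.0", "170.18.105.0"]

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def to_ip(value):
    return str(ipaddress.IPv4Address(value))

def and_xor_entry(nets):
    """Base = AND of all addresses; wildcard = every bit in which they differ."""
    values = [to_int(n) for n in nets]
    base = any_set = values[0]
    for v in values[1:]:
        base &= v
        any_set |= v
    return to_ip(base), to_ip(base ^ any_set)

def acl_matches(addr, base, wildcard):
    """Wildcard bit 0 = must equal the base, wildcard bit 1 = don't care."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def overmatched(advertised, wanted, base, wildcard):
    """Advertised networks the entry permits although they were not wanted."""
    return [n for n in advertised
            if acl_matches(n, base, wildcard) and n not in wanted]

def permitted_slash24s(wildcard):
    """Each don't-care bit in the first three octets doubles the /24s permitted."""
    return 2 ** bin(to_int(wildcard) >> 8).count("1")

if __name__ == "__main__":
    print("AND/XOR over all five:", and_xor_entry(WANTED))
    posted = ("128.16.0.0", "106.74.107.255")   # entry as written in the post
    print("slipping through:", overmatched(ADVERTISED, WANTED, *posted))
    print("/24s permitted:", permitted_slash24s(posted[1]), "for", len(WANTED), "wanted")
    four = and_xor_entry(WANTED[:4])            # the four 192.x networks alone
    print("four 192.x nets:", four, "->", permitted_slash24s(four[1]), "/24s")
```

The five wanted networks differ in 12 bits of the first three octets, so any single entry covering all of them permits at least 4096 /24s. The four 192.x networks differ in only 2 bits, so one entry covers exactly those four.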

This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:28 ART