Hi Rob,
Forgot to copy the group :-)
The requirement is to match "only" those networks with the minimum number of
statements. I initially understood it to mean "1" acl. But taking it
literally and verifying it against the answer key, "2" acl statements would
be allowed. Thanks for the reply.
On Tue, Jun 7, 2011 at 7:06 PM, Rob Clav <robclav_at_gmail.com> wrote:
> Hi David,
> if you required to use one without more conditions, then you can
> use 128.0.0.0 0.255.255.255 even.
> As the second reflection, why you say you are not maching both classes? you
> do.
> Robclav
>
>
>
> 2011/6/4 David W. Anderson Jr. <ccie.miami_at_gmail.com>
>
>> Greetings Experts,
>>
>> I have an issue with ACLs and Wildcard matching. I have read Brian's INE
>> explanation of how to calculate them (
>> http://www.ine.com/resources/01700370.htm) and have used it often with no
>> issue. However, I was working on a problem yesterday and was not getting a
>> complete match as I expected. See below:
>>
>>
>> Advertised networks
>> 170.18.105.0
>> 192.80.4.0
>> 192.88.4.0
>> 192.80.1.0
>> 192.88.1.0
>> 192.80.2.0
>> 192.88.2.0
>> 192.80.3.0
>> 192.88.3.0
>>
>> Nets to match:
>> Net 1 - 192.80.2.0
>> Net 2 - 192.80.3.0
>> Net 3 - 192.88.2.0
>> Net 4 - 192.88.3.0
>> Net 5 - 170.18.105.0
>>
>>
>>
>> Net 1 - 1 1 0 0 0 0 0 0 . 0 1 0 1 0 0 0 0 . 0 0 0 0 0 0 1 0 . 0 0 0
>> 0
>> 0 0 0 0
>> Net 2 - 1 1 0 0 0 0 0 0 . 0 1 0 1 0 0 0 0 . 0 0 0 0 0 0 1 1 . 0 0 0
>> 0
>> 0 0 0 0
>> Net 3 - 1 1 0 0 0 0 0 0 . 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 1 0 . 0 0 0
>> 0
>> 0 0 0 0
>> Net 4 - 1 1 0 0 0 0 0 0 . 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 1 1 . 0 0 0
>> 0
>> 0 0 0 0
>> Net 5 - 1 0 1 0 1 0 1 0 . 0 0 0 1 0 0 1 0 . 0 1 1 0 1 0 0 1 . 0 0 0
>> 0
>> 0 0 0 0
>> AND 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
>> 0
>> 0 0 0 128.16.0.0
>>
>>
>> Net 1 - 1 1 0 0 0 0 0 0 . 0 1 0 1 0 0 0 0 . 0 0 0 0 0 0 1 0 . 0 0 0
>> 0
>> 0 0 0 0
>> Net 2 - 1 1 0 0 0 0 0 0 . 0 1 0 1 0 0 0 0 . 0 0 0 0 0 0 1 1 . 0 0 0
>> 0
>> 0 0 0 0
>> Net 3 - 1 1 0 0 0 0 0 0 . 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 1 0 . 0 0 0
>> 0
>> 0 0 0 0
>> Net 4 - 1 1 0 0 0 0 0 0 . 0 1 0 1 1 0 0 0 . 0 0 0 0 0 0 1 1 . 0 0 0
>> 0
>> 0 0 0 0
>> Net 5 - 1 0 1 0 1 0 1 0 . 0 0 0 1 0 0 1 0 . 0 1 1 0 1 0 0 1 . 0 0 0
>> 0
>> 0 0 0 0
>> XOR 0 1 1 0 1 0 1 0 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 0 0 0
>> 0
>> 0 0 0 106.74.107.255
>>
>> So the ACL I apply is access-list 10 permit 128.16.0.0 106.74.107.255
>>
>> The problem I am having is that the 192.80.1.0 and 192.88.1.0 networks are
>> slipping through. Am I miscalculating something or are you not able to
>> match
>> different classes of addresses using this method? I'm pretty sure I've
>> matched Class B and C before. BTW, the answer key is using two separate
>> lines to get the desired results. I thought I would be able to use just
>> one.
>> I hope I've explained this clearly. Any guidance would be appreciated.
>> Thanks.
>>
>>
>>
>>
>>
>> --
>>
>> David
>> ccie.miami_at_gmail.com
>> Lab Date 7/7/11 (Hopefully that date is a lucky one!)
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Robert Clavero
> CCIE RS/wr, CCNP, CCSP, CCSE NGX, SCSA 9, WLFES, BNP y JNCIA WX
> blog:http://robclavbcn.blogspot.com
>
> web:http://www.kubsolutions.com
>
>
-- David ccie.miami_at_gmail.com Lab Date 7/7/11 (Hopefully that date is a lucky one!) Blogs and organic groups at http://www.ccie.netReceived on Thu Jun 09 2011 - 15:45:48 ART
This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:28 ART