You could also use deny statements to prune out what you don't want.  But Joe's 
solution is the easy way.

From: [email protected] 
[mailto:[email protected]] On Behalf Of Joe Astorino
Sent: Monday, May 18, 2009 10:11 AM
To: Antonio Dee Hotmail; [email protected]; CCIE OSL
Subject: Re: [OSL | CCIE_RS] ACL filtering blues

Let's look at the binary:

10: 00001010
13: 00001101
14: 00001110

Look for patterns. The 10 and the 14 have only 1 bit of difference. That means 
we can have exactly 2 matches, right? Our 10 and/or 14!

So
! This permits the 10 and 14
Permit 10.10.10.0 0.0.4.0

Now, we need one other single line to permit the 13 by itself.

Permit 10.10.13.0 0.0.0.0

So, your original mask of 0.0.4.0 actually only covers 10 and 14, not all 3. 
Make sense?

Regards,

Joe Astorino
CCIE #24347 (R&S)
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

________________________________
From: "Antonio Dee Hotmail"
Date: Mon, 18 May 2009 23:23:05 +0930
To: 'CCIE_RS OnlineStudyList'<[email protected]>
Subject: [OSL | CCIE_RS] ACL filtering blues
Hi All,

Need some help on ACL calculation. This is general ACL filtering scenario.

I'm just practicing on ACL filtering especially on the non-continuous wildcards.

I've injected this into my test router but I don't seem to get the logic why it's 
this wildcard. Can somebody enlighten me on this?

I know 0 in the wildcard are care bits and 1 don't care, just the opposite of a 
subnet mask.

Example Scenario:

I get these networks from a backbone router:

network 10.10.10.0
network 10.10.11.0
network 10.10.12.0
network 10.10.13.0
network 10.10.14.0
network 10.10.15.0
network 10.10.16.0

I want to filter on the third octet and allow only 10, 13, 14 to come in

Been playing with various values on the wildcard, and the working value is 
0.0.4.0, WHY????


Kind Regards,
Antonio
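
The wildcard matching worked through in Joe's reply, checked in code. This is an added example, not part of the original thread; the function names are assumptions of the example. It goes one step beyond the thread by computing the tightest single entry that covers 10, 13 and 14, to show which extra networks a one-line filter would let in.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def ace_matches(base, wildcard, candidate):
    """True if candidate equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(candidate) & care) == (to_int(base) & care)

def permitted(aces, candidates):
    """Candidates matched by at least one (base, wildcard) permit entry."""
    return [c for c in candidates
            if any(ace_matches(b, w, c) for b, w in aces)]

def tightest_single_ace(wanted):
    """Smallest single (base, wildcard) entry that matches every wanted address.

    Every bit on which any two wanted addresses differ must be a don't-care
    bit, so the wildcard is the OR of the XORs against the first address.
    """
    values = [to_int(a) for a in wanted]
    wildcard = 0
    for v in values[1:]:
        wildcard |= values[0] ^ v
    base = values[0] & ~wildcard & 0xFFFFFFFF
    return (str(ipaddress.IPv4Address(base)),
            str(ipaddress.IPv4Address(wildcard)))

# Networks from the original question (third octet 10 through 16).
ADVERTISED = [f"10.10.{n}.0" for n in range(10, 17)]
WANTED = ["10.10.10.0", "10.10.13.0", "10.10.14.0"]

# The two permit entries from Joe's reply.
TWO_LINE = [("10.10.10.0", "0.0.4.0"), ("10.10.13.0", "0.0.0.0")]

if __name__ == "__main__":
    print("0.0.4.0 alone :", permitted(TWO_LINE[:1], ADVERTISED))
    print("both entries  :", permitted(TWO_LINE, ADVERTISED))
    single = tightest_single_ace(WANTED)
    print("single entry  :", single, "->", permitted([single], ADVERTISED))
```

A single entry needs three don't-care bits to cover 10, 13 and 14, so it matches eight values of the third octet; the two-entry form matches exactly the three wanted networks.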


