Hi Bryan,

I guess I didn't point out the problem (sounds so serious :) ), but what if the question states: "make these into as few entries as possible", and they are so different that it might not end up in one entry (again, with difference in multiple octets).

For example (no logic behind choosing these):
194.64.0.96/27
174.34.87.64/26
193.23.10.8/30
...
Next, imagine 32 addresses just like this :)

How do you go about breaking all of this down?

Sincerely,
Kim Pedersen

Bryan Bartik wrote:
Kim, even if there is more than one octet you still can look at the number of bits that are different. Example:

192.168.0.0
192.168.0.1
192.168.1.0
192.168.1.1

The above addresses have 2 bits (bit 0 in the 3rd and 4th octets) that differ and we can combine them in one ACL.

3rd and 4th octets:
0000 0000 | 0000 0000
0000 0000 | 0000 0001
0000 0001 | 0000 0000
0000 0001 | 0000 0001

0000 0000 | 0000 0000 AND
0000 0001 | 0000 0001 XOR

192.168.0.0 0.0.1.1 would be the ACL entry.

-hth

Bryan Bartik
CCIE #23707 (R&S), CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

On Mon, Jun 8, 2009 at 7:47 AM, Rodriguez, Jorge <[email protected]> wrote:

    Jeremy, this should help you in calculating the wildcard mask

    http://www.internetworkexpert.com/resources/01700370.htm

    http://blog.internetworkexpert.com/2007/12/26/q-how-do-i-compute-complex-wildcard-masks-for-access-lists/

    Rgds

    Jorge

    *From:* [email protected] [mailto:[email protected]]
    *On Behalf Of* JEREMY FURR (RIT Student)
    *Sent:* Friday, June 05, 2009 10:12 AM
    *To:* [email protected]
    *Subject:* [OSL | CCIE_RS] ACL Wildcards

    Does anyone know of a website or book that explains well how ACL
    wildcards work? I have been trying to filter out four blocks from
    a bunch of route advertisements but just can't get the three I want
    through. This is what I have: R2 is originating 192.168.2.0/24
    through 192.168.15.0/24 in RIP to R1. I want to only accept
    blocks 192.168.5.0, 192.168.10.0, 192.168.13.0 and 192.168.14.0

    If I use acl with 192.168.10.0 0.0.4.0, I will get 10 and 14 but
    not thirteen. For the 5 network I just use the 192.168.5.0
    0.0.0.255.
    Any thoughts or help would be appreciated.

    Jeremy Furr

    [email protected]




--

// Freedom Matters
// Follow my progress on: http://kpjungle.wordpress.com
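
Added example, not part of the original thread: a Python sketch of the AND/XOR method quoted above, plus a greedy pairwise merge for address sets that do not fit in one entry, run on the four addresses from Bryan's reply and the four networks from Jeremy's question. The function names `single_entry` and `merge_exact` are hypothetical, and the merge treats each input as a single address or network number, as the thread's examples do.

```python
import ipaddress
from itertools import combinations

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    return str(ipaddress.IPv4Address(value))

def single_entry(addrs):
    """AND of all addresses gives the base; bits that differ give the wildcard.
    Returns (base, wildcard, exact); exact is False when the entry also
    matches addresses that were not in the input."""
    vals = {to_int(a) for a in addrs}
    and_all, or_all = 0xFFFFFFFF, 0
    for v in vals:
        and_all &= v
        or_all |= v
    wild = and_all ^ or_all          # set wherever any two inputs differ
    exact = 2 ** bin(wild).count("1") == len(vals)
    return to_str(and_all), to_str(wild), exact

def merge_exact(addrs):
    """Greedy merge: two entries with the same wildcard whose bases differ in
    exactly one bit become one entry. Never over-matches; not guaranteed to
    find the smallest possible list."""
    entries = {(to_int(a), 0) for a in addrs}
    merged = True
    while merged:
        merged = False
        for (b1, w1), (b2, w2) in combinations(sorted(entries), 2):
            diff = b1 ^ b2
            if w1 == w2 and bin(diff).count("1") == 1:
                entries -= {(b1, w1), (b2, w2)}
                entries.add((b1 & b2, w1 | diff))
                merged = True
                break
    return [(to_str(b), to_str(w)) for b, w in sorted(entries)]

if __name__ == "__main__":
    bryan = ["192.168.0.0", "192.168.0.1", "192.168.1.0", "192.168.1.1"]
    jeremy = ["192.168.5.0", "192.168.10.0", "192.168.13.0", "192.168.14.0"]
    print(single_entry(bryan))
    print(single_entry(jeremy))
    print(merge_exact(jeremy))
```

For Jeremy's four networks a single entry would need wildcard 0.0.15.0 and would match sixteen networks, which is why the merge stops at two entries.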
