Re: [OSL | CCIE_RS] ACL Wildcards

Sat, 06 Jun 2009 14:12:02 -0700 

    Bryan,
    Thanks for the clarification. It worked like a champ. I have been trying
to wrap my brain around this ACL wildcard for sometime.

Thanks again.
J



On 6/5/09 11:50 PM, "Bryan Bartik" <[email protected]> wrote:

> I don't know of any books but there is a video in the R&S Blended Learning
> Solution with some examples and exercises. This is how I do it:
> 
> Focusing on your third octet you have
> 
> 5
> 10
> 13
> 14
> 
> In binary that is:
> 
> 0000 0101
> 0000 1010
> 0000 1101
> 0000 1110
> 
> We will not be able to use a one-line ACL with this. The only way a one line
> ACL can match only 4 networks is if the the number of differing bits is 2 (2^2
> = 4). In this case we have 4 differing bits, so the least amount of networks
> we could match with a one-line ACL would be 2^4=16. But we may be able to
> break it into 2 ACLs.
> 
> 5 and 13 only differ in one bit (bit 3)
> 10 and 14 only differ in one bit (bit 2)
> 
> So we can use 1 ACL line for each. Here is 5 and 10:
> 
> 0000 0101
> 0000 1101
> ---------------
> 0000 0101 AND = 5
> 0000 1000 XOR = 8
> 
> 192.168.5.0 0.0.8.0
> 
> Now for 10 and 14
> 
> 0000 1010
> 0000 1110
> ---------------
> 0000 1010 AND = 10
> 0000 0100 XOR = 4
> 
> 192.168.10.0 0.0.4.0
> 
> So you would have a 2 line ACL
> 
> 192.168.5.0 0.0.8.0
> 192.168.10.0 0.0.4.0
> 
> -hth
> 
> On Fri, Jun 5, 2009 at 8:11 AM, JEREMY FURR (RIT Student) <[email protected]>
> wrote:
>> Does anyone know of a website or book that explains well how ACL wildcards
>> work? I have been trying to filter out four blocks from a bunch of route
>> advertisments but just can't get the three I want through, this is what I
>> have R2 is originating 192.168.2.0/24 <http://192.168.2.0/24>  through
>> 192.168.15.0/24 <http://192.168.15.0/24>  in RIP to R1. I want to only accept
>> blocks 192.168.5.0, 192.168.10.0, 192.168.13.0 and 192.168.14.0
>>  
>> If I use acl with 192.168.10.0 0.0.4.0, I will get 10 and 14 but not
>> thirteen. For the 5 network I just use the 192.168.5.0 0.0.0.255.  
>>  
>> Any thoughts or help would be appreciated.
>>  
>> Jeremy Furr [email protected]
> 
>

Reply via email to