Kim When it has a large amount of differences you need to find similarities between them to put them together
194 is 11000010 174 is 10101110 This is 4 bit differences so you would have to have 16 entries to match them as one line without matching additional subnets It is important to also note if they say to not match any additional networks or if they just say to combine them to as few lines without specifying that you can't match additional networks as well. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kim Pedersen Sent: Monday, June 08, 2009 11:28 AM To: Bryan Bartik Cc: [email protected] Subject: Re: [OSL | CCIE_RS] ACL Wildcards Hi Bryan, I guess I didnt point out the problem (sounds soo serious :) ), but what if the question states: "make these into as few entries as possible", and they are soo different that it might not end up in one entry (again, with difference in multiple octets). For example (no logic behind choosing these): 194.64.0.96/27 174.34.87.64/26 193.23.10.8/30 ... Next, imagine 32 addresses just like this :) How do you go about breaking all of this down? Sincerely, Kim Pedersen Bryan Bartik wrote: > Kim, even if there is more than one octet you still can look at the > number of bits that are different. Example: > > 192.168.0.0 > 192.168.0.1 > 192.168.1.0 > 192.168.1.1 > > The above addresses have 2 bits (bit 0 in the 3rd and 4th octets) that > differ and we can combine them in one ACL. > > 3rd and 4th octets: > 0000 0000 | 0000 0000 > 0000 0000 | 0000 0001 > 0000 0001 | 0000 0000 > 0000 0001 | 0000 0001 > > 0000 0000 | 0000 0000 AND > 0000 0001 | 0000 0001 XOR > > 192.168.0.0 0.0.1.1 would be the ACL entry. > > -hth > > Bryan Bartik > CCIE #23707 (R&S), CCNP > Sr. Support Engineer - IPexpert, Inc. > URL: http://www.IPexpert.com > > On Mon, Jun 8, 2009 at 7:47 AM, Rodriguez, Jorge > <[email protected] > <mailto:[email protected]>> wrote: > > Jeremy this should help you in doing the calculating wildcard mask > > > > http://www.internetworkexpert.com/resources/01700370.htm > > > > http://blog.internetworkexpert.com/2007/12/26/q-how-do-i-compute-complex-wil dcard-masks-for-access-lists/ > > > > Rgds > > Jorge > > > > *From:* [email protected] > <mailto:[email protected]> > [mailto:[email protected] > <mailto:[email protected]>] *On Behalf Of > *JEREMY FURR (RIT Student) > *Sent:* Friday, June 05, 2009 10:12 AM > *To:* [email protected] <mailto:[email protected]> > *Subject:* [OSL | CCIE_RS] ACL Wildcards > > > > Does anyone know of a website or book that explains well how ACL > wildcards work? I have been trying to filter out four blocks from > a bunch of route advertisments but just can't get the three I want > through, this is what I have R2 is originating 192.168.2.0/24 > <http://192.168.2.0/24> through 192.168.15.0/24 > <http://192.168.15.0/24> in RIP to R1. I want to only accept > blocks 192.168.5.0, 192.168.10.0, 192.168.13.0 and 192.168.14.0 > > > > If I use acl with 192.168.10.0 0.0.4.0, I will get 10 and 14 but > not thirteen. For the 5 network I just use the 192.168.5.0 > 0.0.0.255. > > > > Any thoughts or help would be appreciated. > > > > Jeremy Furr > > [email protected] <mailto:[email protected]> > > > > > -- > -- // Freedom Matters // Follow my progress on: http://kpjungle.wordpress.com
