I think you're getting it!

Alef <[email protected]> wrote:


So basically i could translate 200.0.0.0 0.0.254.0 as:
-we only care about the last bit in the 3rd octet
-if you decide to fill the third octet with a value that is even, you get even 
networks, odd (and thus using the LSB so the number constitutes an odd number), 
you get odd networks.

you give it a starting point of 200.0.0.0 or 200.0.1.0 and you set the LSB with 
the value in the third octet
so if you set the third octet to an even number, the LSB is not set, if you give 
it an odd number, the LSB is set. either way, we care.

does that make sense? if it does, i guess the hard thing to grasp is that a 
regular subnetmask is just a mask, it does not set anything. that and it's 
contiguous in hierarchy.


On Jun 2, 2011, at 12:52 AM, Di Bias, Steve wrote:

> Excellent post Adam!
>
> I used to be stuck in that wildcard mask equals inverted mask paradigm myself!
>
> Once you start getting the hang of it it's like riding a bike! I like to 
> break everything out into binary in order to calculate the wildcard masks, it 
> makes it much easier.
>
> Expanding on what Adam posted you can do some very interesting things with 
> wildcard masks. For example we may be asked to match only even or odd numbers 
> in the second octet of an access list for certain networks (102.X)
>
> Basically a 0 in the IP will be even and a 1 in the IP will be odd
>
> 128|64|32|16|8|4|2|1
>
> 102.00000001 = 102.1 - odd
> 102.00000011 = 102.3 - odd
> 102.00000101 = 102.5 - odd
> 102.00000010 = 102.2 - even
> 102.00000100 = 102.4 - even
> 102.00000110 = 102.6 - even
>
> For evens in the 2nd octet -- access-list 22 permit 102.0.0.0 0.254.0.0
>
> For odds in the 2nd octet -- access-list 22 permit 102.1.0.0 0.254.0.0
>
> We could take this a step further if we were asked to create an ACL matching 
> two different IP addresses in a single line (5.10.15.20 and 20.15.10.5)
>
> To do this we write them out in binary and perform AND/OR logic against them. 
> With the AND logic we find the similarities and with the OR logic we find the 
> differences. So AND for network and OR for wildcard
>
> 5.10.15.20 = 00000101.00001010.00001111.00010100
> 20.15.10.5 = 00010100.00001111.00001010.00000101
>
> AND
>
> 00000101.00001010.00001111.00010100
> 00010100.00001111.00001010.00000101
> --------------------------------------
> 00000100.00001010.00001010.00000100 = 4.10.10.4
>
> XOR
>
> 00000101.00001010.00001111.00010100
> 00010100.00001111.00001010.00000101
> --------------------------------------
> 00010001.00000101.00000101.00010001 = 17.5.5.17
>
>
> So the end result could be something like "access-list 10 deny 4.10.10.4 
> 17.5.5.17"
>
> Of course we will be matching on more than just these two hosts, however it's 
> just demonstrated to show the power of this stuff.
>
> I also sent you some other links in a unicast.
>
> HTH
>
> Thank you,
>
> Steve Di Bias
> Network Engineer - Information Systems
> Valley Health System - Las Vegas
> Office - 702- 369-7594
> Cell - 702-241-1801
> [email protected]
>
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Adam Booth
> Sent: Wednesday, June 01, 2011 3:47 PM
> To: Alef
> Cc: [email protected] IE
> Subject: Re: [OSL | CCIE_RS] wildcard masks
>
> Hi Alef,
>
> Which part is getting you confused?
>
> One of the most important things to be aware of is that a wildcard mask is
> not just an inverted network mask.
>
> A rule regarding netmasks is that when looking at it as a binary sequence it
> has to be a bunch of consecutive 1s and 0s, as soon as the first 0 appears,
> the following digits must continue to be 0
>
> For a wild card mask, the above concept does not apply, 1s and 0s can be in
> any order.   The binary sequence of the wild card mask has a meaning that a
> 0 means, the value of this bit must match, where a 1 means, I don't care
> what the source value is and is therefore an implied match.
>
> To give a simple example, say you are in OSPF and have an interface
> 192.168.1.1/24 that you wish to enable.
>
> You could be most specific and do
>
> router ospf 1
> network 192.168.1.1 0.0.0.0 area 0
>
> or more general and do
>
> router ospf 1
> network 192.168.1.0 0.0.0.255 area 0
>
> I guess you could just go directly to the interface and do "ip ospf 1 area
> 0" but that kind of sidelines the use case here, so let's ignore that for the
> time being :)
>
> in both cases OSPF would be enabled for the interface, however if you wanted
> to have the most direct control, specifying the complete address and using
> an exact wildcard mask ensures that only that interface gets activated.  For
> example if I renumbered the interface on 192.168.1.1/24 to
> 192.168.1.111/24 in the first case OSPF would be disabled for the
> interface and in the latter it would not since the IP still matches the
> wildcard mask.
>
> There are also interesting things you can do with ACLs to match multiple
> non-consecutive IP addresses by use of an interesting wildcard mask, these
> rely on a base IP address and a wildcard string that relies on must
> match/don't care values for the binary string.
>
> Is that of any help?
>
> Cheers,
> Adam
>
>
> On Thu, Jun 2, 2011 at 7:22 AM, Alef <[email protected]> wrote:
>
>> Does anyone have any recommendations for a good tutorial on wildcard masks?
>> I know the one on the ipexpert site, i'm afraid i need some more material to
>> digest if possible ;-)
>> i'm somewhere in between getting it and not getting it i think
>> thanks,
>> alef
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>
>
> UHS Confidentiality Notice:  This e-mail message, including any attachments, 
> is for the sole use of the intended recipient (s) and may contain 
> confidential and privileged information.  Any unauthorized review, use, 
> disclosure or distribution of this information is prohibited.  If this was 
> sent to you in error, please notify the sender by reply e-mail and destroy 
> all copies of the original message.
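
The base/wildcard arithmetic worked through in this thread, as an added example that is not part of the original messages: it checks an address against a base and wildcard, derives the single-line pair for a list of hosts (generalized here beyond two hosts), and expands the pair to list every address it actually covers. The function names are this example's own.

```python
import ipaddress
from functools import reduce
from itertools import product

MASK32 = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit whose wildcard bit is 0."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(addr) & care) == (to_int(base) & care)

def summarize(hosts):
    """One base/wildcard pair covering all hosts: AND gives the base,
    the bits that differ between any two hosts give the wildcard."""
    ints = [to_int(h) for h in hosts]
    all_and = reduce(lambda a, b: a & b, ints)
    all_or = reduce(lambda a, b: a | b, ints)
    return to_str(all_and), to_str(all_and ^ all_or)

def expand(base, wildcard, max_bits=16):
    """Every address the pair matches (refuses very wide wildcards)."""
    b, w = to_int(base), to_int(wildcard)
    bits = [1 << i for i in range(32) if (w >> i) & 1]
    if len(bits) > max_bits:
        raise ValueError("wildcard matches 2**%d addresses" % len(bits))
    fixed = b & ~w & MASK32
    found = set()
    for combo in product((0, 1), repeat=len(bits)):
        found.add(fixed | sum(bit for bit, on in zip(bits, combo) if on))
    return [to_str(v) for v in sorted(found)]

if __name__ == "__main__":
    hosts = ["5.10.15.20", "20.15.10.5"]  # the two hosts from the thread
    base, wildcard = summarize(hosts)
    matched = expand(base, wildcard)
    print("access-list 10 deny", base, wildcard)
    print("addresses matched:", len(matched))
    print("beyond the two intended hosts:", len(set(matched) - set(hosts)))
    # Even/odd second octet; octets 3 and 4 have wildcard 0, so they must equal the base
    for addr in ("102.4.0.0", "102.5.0.0", "102.4.7.9"):
        print(addr, wildcard_match(addr, "102.0.0.0", "0.254.0.0"))
```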


