Hi, Firstly, all the examples you quote are correct. I think that the determining factor whether you can use one statement or two is the context of what you are trying to configure and the requirements of any task. If the wild card mask includes addresses that are not within the range you have to cover, and this conflicts with other real addresses in this range, it could cause problems. So depends on the use of the access-list. For route summarisation, for example, you may get away with it as packets would follow the more specific route if it existed. For security however, you may be opening up more subnets that you want. So, the answer is.....it depends!
Basically, it comes down to the requirement: do you have to cover a range of addresses EXACTLY and not worry about ACL length; or do you have to minimise the number of ACL entries? If you are not guided, I tend to cover only the exact range necessary, no more, and not worry about the length of the ACL. HTH, George. > Date: Wed, 11 Jan 2012 10:17:30 -0500 > From: [email protected] > To: [email protected] > Subject: [OSL | CCIE_RS] Question: only one wild card statement vs two wild > card statement > > only one wild card statement vs two wild card statement > > I am practicing wild card. I need to mention what I understand first in > order to get better answers. > > I am missing an ability whether I can express network range by using 1 wild > card statement, or not. (I put examples below) > > --------------------------------------------------------------- > This is what I understand for wild card for 192.168.1.15 - 192.168.1.29 > > 192.168.1.15 1100 0000. 1010 1000. 0000 0001. 0000 1111 > 192.168.1.29 1100 0000. 1010 1000. 0000 0001. 0001 1101 > > (same part) 1100 0000. 1010 1000. 0000 0001. 000x xxxx (192.168.1.0) > (wild card) 0000 0000 .0000 0000 .0000 0000 .31 is wild card. > > 192.168.1.0 0.0.0.31 > > I understand this above. > > > ----------------------- > > 10.1.2.0/24 - 10.1.3.0/24 > > (network by using wild card) > 10.1.2.0 0.0.1.255 > > I understand this above, too. > > > ----------------------------- > > Question) I do understnad this below, but is there any easy way to remember > whether I can express range network through > only one wild card statement or not. > > 10.1.1.0/24 - 10.1.2.0/24 > (what book said) > 10.1.1.0 0.0.0.255 > 10.1.2.0 0.0.0.255 > > > (what I thought) > 10.1.0.0 0.0.3.255 (but this statement covers more than that; 10.1.0.0 - > 10.1.3.255) > > ---------------------- > Another example > > 192.168.32.0/24 - 192.168.40.0/24 > > (what book said) > 192.168.32.0 0.0.7.255 > 192.168.40.0 0.0.0.255 > > (what I thought) > 192.168.32.0 0.0.15.255 (but this statment covers more that that again; > 192.168.32.0 - 192.168.47.255) > > > Consequently, I am missing an ability whether I can express network range > by using 1 wild card statement, or not. > Is there any easy way I can figure it out quickly whether I need more than > 1 wild card statement? > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
