First off, read what George wrote - it's important to understand the
context in which an access-list is being used. What works for one
context may not work for another, with an excellent example being
packet filtering vs. route filtering.

Once you have understood that, you need to look at the bit differences (a
student in the last class told me a fancy name for it, but Mad Cow
disease made me forget).

Let's take your example:

> 192.168.1.15   1100 0000. 1010 1000. 0000 0001. 0000 1111
> 192.168.1.29   1100 0000. 1010 1000. 0000 0001. 0001 1101

You have two addresses that you want to match with a single ACL line.
These two have TWO bit differences. Bits 1 and 4 in the last octet:

15 = 00001111
29 = 00011101

Looking from right to left, bits are numbered from 0 to 7 in the
octet. These are also powers of 2:

Bit 0 = 2^0 (1)
Bit 1 = 2^1 (2)
Bit 2 = 2^2 (4)
Bit 3 = 2^3 (8)
Bit 4 = 2^4 (16)
Bit 5 = 2^5 (32)
Bit 6 = 2^6 (64)
Bit 7 = 2^7 (128)

When you have N bit differences, the total number of possible
combinations is 2^N. In this case, we have two bit differences, which
means that the maximum number of combinations is 2^2=4. That means that
the only way to write the ACL in a single line and encompass these two
addresses is to include AT LEAST two others.

Given this logic, without calculations, you can only determine if it's
POSSIBLE to include several addresses with a single line. Here's a
quick cheat:

1. If the number of addresses to match is a power of two, it COULD be possible
2. If the bit difference is such that 2^(bit difference) matches the
total number of networks, it COULD be possible
3. If the difference bits are in the same positions and #1 and #2 are
true, it IS possible

--
Marko Milivojevic - CCIE #18427 (SP R&S)
Senior CCIE Instructor - IPexpert

On Wed, Jan 11, 2012 at 07:17, kyujin Choi <[email protected]> wrote:
> only one wild card statement vs two wild card statement
>
> I am practicing wild card. I need to mention what I understand first in
> order to get better answers.
>
> I am missing an ability whether I can express network range by using 1 wild
> card statement, or not. (I put examples below)
>
> ---------------------------------------------------------------
> This is what I understand for wild card for 192.168.1.15 - 192.168.1.29
>
> 192.168.1.15   1100 0000. 1010 1000. 0000 0001. 0000 1111
> 192.168.1.29   1100 0000. 1010 1000. 0000 0001. 0001 1101
>
> (same part)    1100 0000. 1010 1000. 0000 0001. 000x xxxx (192.168.1.0)
> (wild card)    0000 0000 .0000 0000 .0000 0000 .31 is wild card.
>
> 192.168.1.0 0.0.0.31
>
> I understand this above.
>
>
> -----------------------
>
> 10.1.2.0/24 - 10.1.3.0/24
>
> (network by using wild card)
> 10.1.2.0 0.0.1.255
>
> I understand this above, too.
>
>
> -----------------------------
>
> Question) I do understand this below, but is there any easy way to remember
> whether I can express range network through
> only one wild card statement or not.
>
> 10.1.1.0/24 - 10.1.2.0/24
> (what book said)
> 10.1.1.0 0.0.0.255
> 10.1.2.0 0.0.0.255
>
>
> (what I thought)
> 10.1.0.0 0.0.3.255   (but this statement covers more than that;  10.1.0.0 -
> 10.1.3.255)
>
> ----------------------
> Another example
>
> 192.168.32.0/24 - 192.168.40.0/24
>
> (what book said)
> 192.168.32.0 0.0.7.255
> 192.168.40.0 0.0.0.255
>
> (what I thought)
> 192.168.32.0 0.0.15.255  (but this statement covers more than that again;
> 192.168.32.0 - 192.168.47.255)
>
>
> Consequently, I am missing an ability whether I can express network range
> by using 1 wild card statement, or not.
> Is there any easy way I can figure it out quickly whether I need more than
> 1 wild card statement?
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
>
> http://onlinestudylist.com/mailman/listinfo/ccie_rs
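
The bit-difference check described in the reply above, as an added Python example (not part of the original thread). The function name single_wildcard and its host_wildcard parameter are assumptions made for illustration; it goes one step further than the cheat by listing the extra addresses or networks a single line would also match, which is what an ACL written that way would over-permit.

```python
import ipaddress

def single_wildcard(addresses, host_wildcard="0.0.0.0"):
    """Tightest single 'base wildcard' pair matching every entry given.

    host_wildcard marks bits already wild in every entry (0.0.0.255 for /24s).
    Returns (base, wildcard, extras); extras lists the unrequested values the
    line also matches, so an empty list means one line is an exact fit.
    """
    host = int(ipaddress.IPv4Address(host_wildcard))
    keep = ~host & 0xFFFFFFFF
    wanted = sorted({int(ipaddress.IPv4Address(a)) & keep for a in addresses})
    if not wanted:
        raise ValueError("need at least one address")

    # OR together the XOR of every entry against the first: a 1 marks a bit
    # position where at least two entries disagree (the "bit differences").
    diff = 0
    for value in wanted:
        diff |= value ^ wanted[0]
    n = bin(diff).count("1")
    if n > 16:
        raise ValueError("too many differing bits to enumerate")

    base = wanted[0] & ~diff & 0xFFFFFFFF
    # N differing bits match 2^N values: walk every sub-mask of diff.
    covered, sub = set(), diff
    while True:
        covered.add(base | sub)
        if sub == 0:
            break
        sub = (sub - 1) & diff

    extras = [str(ipaddress.IPv4Address(v))
              for v in sorted(covered - set(wanted))]
    return (str(ipaddress.IPv4Address(base)),
            str(ipaddress.IPv4Address(diff | host)),
            extras)

if __name__ == "__main__":
    # Inputs taken from the thread above.
    print(single_wildcard(["192.168.1.15", "192.168.1.29"]))
    print(single_wildcard(["10.1.2.0", "10.1.3.0"], "0.0.0.255"))
    print(single_wildcard(["10.1.1.0", "10.1.2.0"], "0.0.0.255"))
    nets = ["192.168.%d.0" % i for i in range(32, 41)]
    print(single_wildcard(nets, "0.0.0.255"))
```

An empty extras list means one statement is exact; anything in it is traffic or routes the single line would match beyond what was asked for.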