>Yes, it does make simple tasks a little more complicated. However, using >inverse masking can make complex tasks much easier. > >Take this issue. Say you are asked to filter access to all odd 192.168.x.0 >/24 routes. > > >Your method. > >192.168.1.0 255.255.255.0 >192.168.3.0 255.255.255.0 >192.168.5.0 255.255.255.0 >FAQ, list archives, and subscription info:
I see your approach, Marc, and I have even encountered real-world situations where such filtering might be appropriate. It happened when an enterprise wanted to "leave room for expansion", but didn't understand summarization. They assigned odd-numbered subnets to different sites/areas, thinking the even ones would be for future use. My approach, incidentally, is to figure out the number of potential areas or sites, then divide by a power of 2, at least 4, to be summarization-friendly. There's no question that your approach takes fewer lines of code. Personally, I wouldn't use it except in a huge network where there was no other way to fit that many lines into NVRAM. My motivation for not doing so is maintainability. The more complex the mask, the more difficult it will be for some subsequent administrator to figure out what was being done. I might be more open to the idea if Cisco saved comments with the configuration, but, of course, it doesn't. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30483&t=30473 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
