Good point - I was gutted when the contiguous rule came in. I love playing around with access lists. Same feeling when the GUI became available for the Pix. Job security fading away - making things easier :-) Sensible but saddening for the old folk.
Gaz ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > prior to IOS 12.x, the wild card mask method alowed quite a bit of > flexibility. Suppose you had all of your serers on a particular subnet, but > you wanted a different subset of those servers to be accessible from > different subnets. It used to be that you could specify something like > > access-list 101 permit ip 172.16.24.0 0.0.0.255 192.168.1.0 0.0.0.28 > access-list 101 permit ip 172.16.25.0 0.0.0.255 192.168.1.0 0.0.0.32 > access-list 101 permit ip 172.16.26.0 0.0.0.255 192.168.1.0 0.0.0.65 > > the first line would permit the dot 24 subnet to get to servers with > addresses of dot 4, dot 8, dot 12, dot 16, dot 20, dot 24, and dot 28 > the second line would permit the dot 25 subnet to access the server with the > address of dot 32 > the third line would permit the dot 26 subnet to get to servers dot 1, dot > 64, and dot 65 > > granted, this is a convoluted example. but it allowed flexibility and > creativity in design. > > granted too that you can still accomplish the same thing using the host > switch, or being a little more creative with the network specification. > > With the advent of IOS 12.x wildcard bits must be contiguous from the right, > so you lose this kind of power. Also takes the fun out of the network > a.b.c.d x.x.x.x area command in OSPF! > > BTW, Mark, I see these odd/even filtering questions in your study materials > and elsewhere. While I understand the goal of the exercise, it has always > struck me as a pretty bizarre premise. Where exactly in the real world is > there any design such that filtering by odd or even would be practical? Let > alone filtering by multiples of 4 or 8 or whatever? ( and yes, after two > runs through you know where, I fully appreciate that in some places, like > the brokerage firm where I used to work, there is very little relationship > between the requirements you are given and the real world ) > > Chuck > > > > > ""Marc Russell"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Yes, it does make simple tasks a little more complicated. However, using > > inverse masking can make complex tasks much easier. > > > > Take this issue. Say you are asked to filter access to all odd 192.168.x.0 > > /24 routes. > > > > > > Your method. > > > > 192.168.1.0 255.255.255.0 > > 192.168.3.0 255.255.255.0 > > 192.168.5.0 255.255.255.0 > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30498&t=30473 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]