Your mask for the last octet should end in an even number. This forces a check of the last bit position. If you want to allow/deny an even number then your "test against" address should end in an even number. If it is for an odd number, then the "test against" address should end in odd.
Ex: access-list 10 deny 172.16.8.1 0.0.0.254 access-list 10 permit any This would deny all odd addresses on the 172.16.8.0 /24 network. Change the 1 in the last octet of the "test against" to 0 and it denies all even addresses. Todd Lammle's book, CCNA Study Guide, ISBN 0782126472 does an excellent job of explaining access-lists and wild card masks. I would recommend your getting it. If you're going to teach others, you need to understand this at a deeper level than what your question indicates you currently have in this often misunderstood and difficult to teach area. You will find that those students who had difficulty with subnetting will definitely crash & burn when it comes to wild card masks. It requires various approaches to get the concept across. HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy SUranjith Ariyapperuma wrote: > Dear Friends, > I am trying to figure out how to block even/odd access out of the > subnet!. I have managed to see the effect of the last bit of the last > octet , yet wouuldn't know how to get the wild card mask !. > Could you please help me as I will be taking the CCAI fast track on > wednesday. > Suranjith Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21598&t=21598 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]