Content created by Rene Molenaar (CCIE #41726)


Forum Replies

  1. Hi Bruce,

    Yes it is, it does help to really understand how the wildcards work. It’s something you probably could only see on an R&S lab though.

    Rene

  2. Hi Bruce,

    I used the .10 in the third octet since that’s the first network we try to match. With the 0.0.48.255 wildcard bits we only match on those 4 networks. Let’s zoom in on those 4 networks and the wildcard:

    10 = 0000 1010
    26 = 0001 1010
    42 = 0010 1010
    56 = 0011 1010

    wc = 0011 0000

    By setting all bits to “0” we lock them; only the 3rd and 4th bits are allowed to change:

    00
    01
    10
    11

    Those are the only 4 combinations you can make, resulting in network 192.168.10.0, 192.168.26.0, 192.168.42.0 and 192.168.56.0…nothing else is matched.

    Now look at your wildcard (


  3. Hey Rene,
    I wanted to ask about using access-lists to solve that classic problem of filtering odd or even routes. Suppose you were asked to create a filter that would allow a route if it were odd in the 2nd octet, and even in the 3rd octet. Obviously, you can accomplish it with this:

    ip access-list standard ACL_ALLOWODDEVEN
    deny 0.0.0.0 255.254.255.255
    deny 0.0.1.0 255.255.254.255
    permit any

    But what isn’t obvious to me, is why the following does NOT work:

    ip access-list standard ACL_COMBO
    deny 0.0.1.0 255.254.254.255
    permit any

    I thought they accomplis


  4. I must be slow today. I have read over your analysis many times, but I am still not understanding this. Let’s continue to use your range of 10 addresses for the example.

    If I take the entire set of 10. addresses, and run them through the ACL_ODDEVEN filter, just one is left:
    10.1.0.1

    If I take the entire set of 10. addresses, and run them through the ACL_COMBO filter, a total of four is left (which is what you found above):
    10.0.0.1
    10.1.0.1 <------ Also the result of ACL_ODDEVEN
    10.1.1.1
    10.2.0.1

    If we look at the results of the ACL_COMBO in binary (just th


  5. Ok, I feel like a dope. I finally broke down and charted out what was happening in a spreadsheet. After doing this it became clear.

    Basically, it comes down to this–the ACL_COMBO is doing an “AND” while the ACL_ALLOWEVENODD is doing an “OR”.

    Part of the confusion here is that we are using the ACLs to deny, or filter out, routes (so the logic is flipped). The ACL_COMBO is written too restrictively (hence the resulting filtered set is too large).

    ACL_COMBO is saying “You are denied only if the last bit of the second octet is a zero AND the last bit of the 3rd


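The two access-lists from the thread, evaluated entry by entry, as an added example that is not part of the original posts. The helper names and the six sample addresses are constructed for illustration; it assumes standard IOS semantics (wildcard bit 1 means "don't care", first match wins, implicit deny at the end).

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def ace_matches(addr, base, wildcard):
    """One ACL entry: wildcard bit 0 = must equal base, bit 1 = don't care."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, addr):
    """First matching entry wins; a standard ACL ends in an implicit deny."""
    for action, base, wildcard in acl:
        if ace_matches(addr, base, wildcard):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")  # what "permit any" expands to

# Two entries: denied if the 2nd octet is even OR the 3rd octet is odd.
ACL_ALLOWODDEVEN = [
    ("deny", "0.0.0.0", "255.254.255.255"),
    ("deny", "0.0.1.0", "255.255.254.255"),
    ("permit", *ANY),
]

# One entry: both cared-for bits must match at once, so an address is
# denied only if the 2nd octet is even AND the 3rd octet is odd.
ACL_COMBO = [
    ("deny", "0.0.1.0", "255.254.254.255"),
    ("permit", *ANY),
]

# Constructed sample set covering the parity combinations.
SAMPLE = ["10.0.0.1", "10.0.1.1", "10.1.0.1",
          "10.1.1.1", "10.2.0.1", "10.2.1.1"]

def permitted(acl, addrs=SAMPLE):
    return [a for a in addrs if evaluate(acl, a) == "permit"]

if __name__ == "__main__":
    for name, acl in (("ACL_ALLOWODDEVEN", ACL_ALLOWODDEVEN),
                      ("ACL_COMBO", ACL_COMBO)):
        print(f"{name:17} permits {permitted(acl)}")
```

Because a single entry compares all cared-for bits together, combining two deny conditions into one line narrows what is denied and widens what is permitted.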