Tags: ,

## Forum Replies

1. Hi Bruce,

Yes it is, does help to really understand how the wildcards work. It’s something you probably only could see on a R&S lab though.

Rene

2. Hi Bruce,

I used the .10 in the third octet since that’s the first network we try to match. With the 0.0.48.255 wildcard bits we only match on those 4 networks. Let’s zoom in on those 4 networks and the wildcard:

10 = 0000 1010
26 = 0001 1010
42 = 0010 1010
56 = 0011 1010

wc = 0011 0000

by setting all bits to “0” we lock them, only the 3th and 4th bit is allowed to change:

00
01
10
11

Those are the only 4 combinations you can make, resulting in network 192.168.10.0, 192.168.26.0, 192.168.42.0 and 192.168.56.0…nothing else is matched.

Now look at your wildcard (

... Continue reading in our forum

3. Hey Rene,
I wanted to ask about using access-lists to solve that classic problem of filtering odd or even routes. Suppose you were asked to create a filter that would allow a route if it were odd in the 2nd octet, and even in the 3rd octet. Obviously, you can accomplish it with this:

ip access-list standard ACL_ALLOWODDEVEN
deny 0.0.0.0 255.254.255.255
deny 0.0.1.0 255.255.254.255
permit any

But what isn’t obvious to me, is why the following does NOT work:

ip access-list standard ACL_COMBO
deny 0.0.1.0 255.254.254.255
permit any

I thought they accomplis

... Continue reading in our forum

4. I must be slow today. I have read over your analysis many times, but I am still not understanding this. Let’s continue to use your range of 10 addresses for the example.

If I take the entire set of 10. addresses, and run them through the ACL_ODDEVEN filter, just one is left:
10.1.0.1

If I take the entire set of 10. addresses, and run them through the ACL_COMBO filter, a total of four is left (which is what you found above):
10.0.0.1
10.1.0.1 <------ Also the result of ACL_ODDEVEN
10.1.1.1
10.2.0.1

If we look at the results of the ACL_COMBO in binary (just th

... Continue reading in our forum

5. Ok, I feel like a dope. I finally broke down and charted out what was happening in a spreadsheet. After doing this it became clear.

Basically, it comes down to this–the ACL_COMBO is doing an “AND” while the ACL_ALLOWEVENODD is doing an “OR”.

Part of the confusion here is that we are using the ACLs to deny, or filter out, routes (so the logic is flipped). The ACL_COMBO is written too restrictively (hence the resulting filtered set is too large).

ACL_COMBO is saying “You are denied only if the last bit of the second octet is a zero AND the last bit of the 3rd

... Continue reading in our forum

18 more replies! Ask a question or join the discussion by visiting our Community Forum