GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: help with complex wildcard masks posted 10/11/2007
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Taking a stab at it... someone sing out if they have a better idea...

You first want to permit 10.1.0.0/16 - 10.20.0.0/16

Permit ip 10.1.0.0 0.0.255.255   (permits 10.1.0.0/16)
Permit ip 10.2.0.0 0.1.255.255   (permits 10.2.0.0/16 - 10.3.0.0/16)
Permit ip 10.4.0.0 0.3.255.255   (permits 10.4.0.0/16 - 10.7.0.0/16)
Permit ip 10.8.0.0 0.7.255.255   (permits 10.8.0.0/16 - 10.15.0.0/16)
Permit ip 10.16.0.0 0.3.255.255  (permits 10.16.0.0/16 - 10.19.0.0/16)
Permit ip 10.20.0.0 0.0.255.255  (permits 10.20.0.0/16)

The first part would have been easier if they had allowed 10.0.0.0/16 to be
permited, but since they said start with 10.1.0.0/24, it got more tricky.

Part 2 is the 10.21.0.0/16 subnet, minus 10.21.1.0/24.

Permit ip 10.21.0.0 0.0.0.255   (permits 10.21.0.0/24)
Permit ip 10.21.2.0 0.0.1.255   (permits 10.21.2-3.0/24)
Permit ip 10.21.4.0 0.0.3.255   (permits 10.21.4-7.0/24)
Permit ip 10.21.8.0 0.0.7.255   (permits 10.21.8-15.0/24)
Permit ip 10.21.16.0 0.0.15.255 (permits 10.21.16-31.0/24)
Permit ip 10.21.32.0 0.0.31.255 (permits 10.21.32-63.0/24)
Permit ip 10.21.64.0 0.0.63.255 (permits 10.21.64-127.0/24)
Permit ip 10.21.128.0 0.0.127.255 (permits 10.21.128-255.0/24)

Part 3 is the 10.22.0.0/16 - 10.127.0.0/16

Permit ip 10.22.0.0 0.0.1.255   (permits 10.22.0.0/16 and 10.23.0.0/16)
Permit ip 10.24.0.0 0.0.7.255   (permits 10.24.0.0/16 through 10.31.0.0/16)
Permit ip 10.32.0.0 0.0.31.255  (permits 10.32.0.0/16 through 10.63.0.0/16)
Permit ip 10.64.0.0 0.0.63.255  (permits 10.64.0.0/16 through 10.127.0.0/16)

Part 4 is the first subnets of 10.128.0.0/16
Permit ip 10.128.0.0 0.0.15.255  (permits 10.128.0.0/24 through
10.128.15.0/24)
Permit ip 10.128.16.0 0.0.0.255  (permits 10.128.16.0/24)





-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of Clay
K Auch (clauch)
Sent: Thursday, October 11, 2007 3:18 PM
To: Joseph Brunner; Cisco certification
Subject: RE: help with complex wildcard masks

Hey man,

Did you ever figure out that wildcard problem from about a week or so back?

Clay 
 
-----Original Message-----
From: Joseph Brunner [mailto:joe@xxxxxxxxxxxxxxxxxxx] 
Sent: Monday, October 01, 2007 10:50 PM
To: Clay K Auch (clauch); 'Cisco certification'
Subject: RE: help with complex wildcard masks

I agree, I was referring to that link when I said I knew how to do those
tasks in that link.

This link has not yet yield a strategy to tackle questions like this one...

"Permit 10.1.0.0/24 through 10.128.16.0/24. Do not permit 10.21.1.0/24. Do
not use any deny statements. Use as few lines a possible, yada yada yada."

See?

Help :(

-----Original Message-----
From: Clay K Auch (clauch) [mailto:clauch@xxxxxxxxx]
Sent: Monday, October 01, 2007 10:49 PM
To: Joseph Brunner; Cisco certification
Subject: RE: help with complex wildcard masks


Hello Joseph,

I highly recommend this link below. They have laid out the information in
such a way that allows you to understand it by the end of the read.

http://www.internetworkexpert.com/resources/01700370.htm

Enjoy!

Clay 
 
-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Joseph Brunner
Sent: Monday, October 01, 2007 9:08 PM
To: 'Cisco certification'
Subject: help with complex wildcard masks

Good evening (or morning/afternoon if you are east of ZULU time),

 

I was wondering if someone can point me to a good source of information for
calculating complex wild card masks. I'm very fast/accurate and
anding/xoring a few

Ip addresses and coming up with an ip address and a discontinuous-ones wild
card mask to permit several addresses on one acl line thanks to the Brians's
nice paper we all see here often. I'm more interested in things like this.

 

Match 10.0.1.0/24 through 10.248.0.0/24 in as few acl lines as possible. 

 

What is the trick to calculation of the wild card masks? I often see weird
answers here and there that wont match a few subnets from that group (say
3), then they bundle them in to make 4 or 5 lines to solve the above
question. 

 

I would really appreciate some direction here.

 

Thanks,

 

Joseph Brunner

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html

_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html