I know it may look a very bacis question, but frankly I searched the net, books & asked many friends and no one could help.
I want to create one or two access list to hit the following ip prefix.
may you kindly explain it for me by binary calculation.
I think that your question is asking about ways to have a single line in the ACL match more than one address so that with one or two lines of ACL you could match these 5 addresses. The way to start that is to figure what these addresses have in common. they all have 192.168 in the first two octets and 0 in the last octet. So the third octet is where there is any variation. So we need to start with the value of the third octet in binary:
2 is 00000010
6 is 00000110
11 is 00001011
15 is 00001111
18 is 00010010
If you look at the binary and see which numbers have most bits in common we see that 2 and 6 have 7 of 8 bits in common and could be grouped together. We see that 11 and 15 have 7 of 8 bits in common and could be grouped together.
So to group 2 and six we want a mask that says that bit positions 1, 2, 3, 4, 5, 7, and 8 must match and bit position 6 does not. The mask with 0 in 1, 2, 3, 4, 5, 7, and 8 is 00000100 (decimal 4). And to group 11 and 15 we also need bits 1, 2, 3, 4, 5, 7, and 8 to match so we would use that mask again 00000100.
There is not a way to combine 18 very well with the other addresses. So an ACL would need 3 statements to match these 5 addresses.
permit 192.168.2.0 0.0.4.0
permit 192.168.11.0 0.0.4.0
permit 192.168.18.0 0.0.0.0