(netmask is 0.0.0.6) ? Why is it written like this?

axis0
Level 1

-- from cisco router access-list

permit ip 209.110.32.105 0.0.0.6 any

-------

Why is the netmask written by 0.0.0.6 ?

thanks!

5 Replies

lgijssel
Level 9

This is the decimal representation of a binary digit. The last eight bits of the mask are 0000 0110. The number 105 in binary is: 0110 1001.

Your access-list matches all odd numbers between 105 and 111.

Leo

hhilario
Level 1

This is not a subnet mask. The 0.0.0.6 is an access-list parameter that defines the portion of the IP address that should be examined. This is also called a wildcard mask. If we convert this into binary we have the following:

            Decimal                  Binary
IP          209.110.32.105           11010001.01101110.00100000.01101001
Mask        0.0.0.6                  00000000.00000000.00000000.00000110
Result      209.110.32.105 to 111    11010001.01101110.00100000.01101xx1

The two x's mean that every address that does not have these binary positions set to 1 will be blocked; thus, addresses between 105 and 111 will be allowed.

More generally, the wildcard mask means the following:

Bit positions of binary 0 mean that the access list compares the corresponding bit position in the IP address and makes sure it is equal to the same bit position in the address configured in the access-list statement. Bit positions of binary 1 are wildcards, those bit positions are immediately considered to be a match.

You make one mistake in your reasoning:

as the least significant bit is not in the wildcard, the numbers will have to end with a one to pass the access-list. Thus, as I already stated, this list only matches the odd numbers between 105 and 111.

105, 107, 109, 111 will pass.

106, 108, 110 will fail, as their LSB equals zero.

You're right. I assumed it was understood that since the last bit ends in 1, all binary numbers to be allowed would have to end in 1 for the given range. Now I understand why there was something "odd" missing in my answer. :-)

jcengh
Level 1

Looks like some sharp networkers beat me to it. I will add some comments to reiterate in a different way. In networking we have two types of masks: one is a subnet mask and the other is a network mask. A subnet mask is used for things like routing table entries, where any bit in the mask that is a one matches that bit position and any bit with a zero is known as "don't care". Subnet masks are used to network networks, or basically to tell a router which network an address belongs to so that it knows which direction traffic should be directed. Routers care about networks, not the individual hosts. So, if we have an address 154.200.55.5 with a subnet mask of 255.255.255.0 (yes, I know this is a class B network with a class C mask, but I am using it to prove a point), the network would be 154.200.55.0, and the host would be 154.200.55.5. In other words, the first three octets would match the mask, thus identifying what the network is.

In access lists, we use a network mask or wildcard mask. In this case, it is an exact opposite of a subnet mask. If I wanted to use the same example, I would have 154.200.55.5 with a wildcard mask of 0.0.0.255. Hope this helps!
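The matching rule the replies above describe (a 0 bit in the wildcard must equal the configured address, a 1 bit is "don't care"), together with jcengh's point that a wildcard mask is the bitwise inverse of a subnet mask, can be checked directly. The script below is an added example written for this page; it is not code from the thread or from Cisco. The function names, the use of Python's standard ipaddress module, and the sample addresses fed to it are my own choices. It enumerates every address the line "permit ip 209.110.32.105 0.0.0.6 any" matches, which makes the "odd numbers only" result visible, and it also flags that 0.0.0.6 is a non-contiguous wildcard and therefore has no subnet-mask equivalent.

```python
import ipaddress
from itertools import product


def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def wildcard_match(candidate, base, wildcard):
    """Cisco ACL wildcard semantics.

    Bits that are 0 in the wildcard must be identical between candidate and
    base; bits that are 1 in the wildcard are ignored.  We mask both sides
    with the inverse of the wildcard and compare what is left.
    """
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(candidate) & care) == (to_int(base) & care)


def matching_addresses(base, wildcard):
    """Enumerate every address matched by base/wildcard.

    Each 1 bit in the wildcard doubles the result, so this is only sensible
    for small wildcards (here: 2 free bits -> 4 addresses).
    """
    w = to_int(wildcard)
    fixed = to_int(base) & ~w & 0xFFFFFFFF          # the bits that must match
    free_bits = [i for i in range(32) if (w >> i) & 1]  # positions that are "don't care"
    results = []
    for combo in product((0, 1), repeat=len(free_bits)):
        value = fixed
        for pos, bit in zip(free_bits, combo):
            value |= bit << pos
        results.append(to_str(value))
    return sorted(results, key=to_int)


def is_contiguous_subnet_mask(mask):
    """True when the mask is a run of 1s followed by a run of 0s (e.g. 255.255.255.0)."""
    m = to_int(mask)
    inverted = ~m & 0xFFFFFFFF
    # A contiguous mask's inverse is of the form 2**n - 1, i.e. x & (x+1) == 0.
    return (inverted & (inverted + 1)) == 0


def subnet_to_wildcard(mask):
    """Subnet mask -> wildcard mask is a plain bitwise inversion (255.255.255.0 -> 0.0.0.255)."""
    return to_str(~to_int(mask))


def wildcard_to_subnet(wildcard):
    """Wildcard -> subnet mask, but only when the wildcard is contiguous; 0.0.0.6 has no equivalent."""
    inverted = to_str(~to_int(wildcard))
    if not is_contiguous_subnet_mask(inverted):
        return None
    return inverted


if __name__ == "__main__":
    base, wildcard = "209.110.32.105", "0.0.0.6"   # the ACL line from the question
    print("permit ip %s %s any matches:" % (base, wildcard))
    for addr in matching_addresses(base, wildcard):
        print("  ", addr)
    # Sample hosts, constructed for this example, to show which side of the ACL they fall on
    for host in ("209.110.32.106", "209.110.32.107", "209.110.32.112"):
        print(host, "permitted" if wildcard_match(host, base, wildcard) else "not matched")
    print("subnet 255.255.255.0 as wildcard:", subnet_to_wildcard("255.255.255.0"))
    print("wildcard 0.0.0.6 as subnet mask:", wildcard_to_subnet(wildcard))
```

Running it lists 209.110.32.105, .107, .109 and .111 as the only matches, confirming Leo's correction: bit 0 of the wildcard is 0, so the last bit of the address must stay 1. wildcard_to_subnet returns None for 0.0.0.6 because its inverse, 255.255.255.249, is not a contiguous mask; this is the practical difference between the two mask types that jcengh describes.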