03-04-2003 10:33 PM - edited 03-02-2019 05:34 AM
-- from cisco router access-list
permit ip 209.110.32.105 0.0.0.6 any
-------
Why is the netmask written by 0.0.0.6 ?
thanks!
03-05-2003 02:07 AM
This is the decimal representation of a binary digit. The last eight bits of the mask are 0000 0110. The number 105 in binary is: 0110 1001.
Your access-list matches all odd numbers between 105 and 111.
Leo
03-06-2003 07:41 AM
This is not a subnet mask. The 0.0.0.6 are access list parameters to define the portion of the IP address that should be examined. This is also called a wildcard mask. If we convert this into binary we will have the following:

        Decimal                 Binary
IP      209.110.32.105          11010001.01101110.00100000.01101001
Mask    0.0.0.6                 00000000.00000000.00000000.00000110
Result  209.110.32.105 to 111   11010001.01101110.00100000.01101xx1

The last two x's mean that every address that does not have these binary positions in 1s will be blocked; thus, addresses between 105 and 111 will be allowed.
More generally, the wildcard mask means the following:
Bit positions of binary 0 mean that the access list compares the corresponding bit position in the IP address and makes sure it is equal to the same bit position in the address configured in the access-list statement. Bit positions of binary 1 are wildcards; those bit positions are immediately considered to be a match.
03-07-2003 01:54 AM
You make one mistake in your reasoning:
as the least significant bit is not in the wildcard, the numbers will have to end with a one to pass the access-list. Thus as I already stated, this list only matches the odd numbers between 105 and 111.
105, 107, 109, 111 will pass.
106, 108, 110 will fail while their LSB equals zero.
03-07-2003 04:08 AM
You're right. I assumed it was understood that since the last bit ends in 1, all binary numbers to be allowed would have to end in 1 for the given range. Now I understand why there was something "odd" missing in my answer. :-)
03-21-2003 10:18 PM
Looks like some sharp networkers beat me to it. I will add some comments to reiterate in a different way. In networking we have two types of masks: one is a subnet mask and the other is a network mask. A subnet mask is used for things like router table entries where any bit in the mask that is a one matches that bit position and any bit with a zero is known as don't care. Subnet masks are used to network networks or basically tell a router which network an address belongs to so that it knows which direction traffic should be directed. Routers care about networks, not the individual hosts. So, if we have an address: 154.200.55.5 with a subnet mask 255.255.255.0 (yes I know this is a class B network with a class C mask, but I am using it to prove a point), the network would be 154.200.55.0, and the host would be 154.200.55.5. In other words, the first three octets would match the mask thus identifying what the network is.
In access lists, we use a network mask or wildcard mask. In this case, it is an exact opposite of a subnet mask. If I wanted to use the same example, I would have 154.200.55.5 with a wildcard mask of 0.0.0.255. Hope this helps!
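The wildcard rule from the earlier reply (0 bits must match, 1 bits are don't-care) and the subnet-mask/wildcard complement described just above, worked through in Python. This is an added example, not code from any of the posters or from Cisco; the function names are my own, and the 0.0.0.6 entry is the one from the original question.

```python
import ipaddress
from itertools import product

def _ip_int(addr: str) -> int:
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def ace_matches(ace_addr: str, wildcard: str, candidate: str) -> bool:
    """Apply one access-list entry (address + wildcard mask) to a candidate address.

    Wildcard bits of 1 are ignored; bits of 0 must equal the ACE address.
    Equivalent to: (candidate XOR ace_addr) AND NOT wildcard == 0.
    """
    care = 0xFFFFFFFF & ~_ip_int(wildcard)          # bits the router compares
    return (_ip_int(ace_addr) ^ _ip_int(candidate)) & care == 0

def matching_addresses(ace_addr: str, wildcard: str) -> list[str]:
    """Enumerate every address the entry permits.

    Works for non-contiguous wildcards such as 0.0.0.6, where the permitted
    addresses are not a single block: bit 0 stays fixed, bits 1 and 2 float.
    """
    wc = _ip_int(wildcard)
    base = _ip_int(ace_addr) & ~wc                  # fixed bits only
    free_bits = [i for i in range(32) if (wc >> i) & 1]
    found = []
    for combo in product((0, 1), repeat=len(free_bits)):
        value = base
        for bit, on in zip(free_bits, combo):
            if on:
                value |= 1 << bit
        found.append(value)
    return [str(ipaddress.IPv4Address(v)) for v in sorted(found)]

def wildcard_from_subnet_mask(mask: str) -> str:
    """Bitwise complement: 255.255.255.0 becomes 0.0.0.255."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF & ~_ip_int(mask)))

if __name__ == "__main__":
    # The entry from the question: only the odd hosts 105..111 are permitted.
    print(matching_addresses("209.110.32.105", "0.0.0.6"))
    # The later reply's example, expressed as a wildcard: 154.200.55.0/24.
    print(wildcard_from_subnet_mask("255.255.255.0"))
    print(len(matching_addresses("154.200.55.5", "0.0.0.255")))
```

Because wildcard bits need not be contiguous, an ACE can permit a scattered set of hosts that no single subnet describes, which is why reviewing such entries by hand is error-prone and enumerating them is worthwhile.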