08-17-2007 02:32 AM - edited 02-20-2020 09:39 PM
Dears,
I know it may look like a very basic question, but frankly I searched the net, books & asked many friends and no one could help.
I want to create one or two access lists to hit the following IP prefixes.
192.168.2.0
192.168.6.0
192.168.11.0
192.168.15.0
192.168.18.0
May you kindly explain it for me by binary calculation?
regards
08-17-2007 03:30 AM
I think that your question is asking about ways to have a single line in the ACL match more than one address so that with one or two lines of ACL you could match these 5 addresses. The way to start that is to figure what these addresses have in common. They all have 192.168 in the first two octets and 0 in the last octet. So the third octet is where there is any variation. So we need to start with the value of the third octet in binary:
2 is 00000010
6 is 00000110
11 is 00001011
15 is 00001111
18 is 00010010
If you look at the binary and see which numbers have most bits in common we see that 2 and 6 have 7 of 8 bits in common and could be grouped together. We see that 11 and 15 have 7 of 8 bits in common and could be grouped together.
So to group 2 and 6 we want a mask that says that bit positions 1, 2, 3, 4, 5, 7, and 8 must match and bit position 6 does not. The mask with 0 in 1, 2, 3, 4, 5, 7, and 8 is 00000100 (decimal 4). And to group 11 and 15 we also need bits 1, 2, 3, 4, 5, 7, and 8 to match so we would use that mask again 00000100.
There is not a way to combine 18 very well with the other addresses. So an ACL would need 3 statements to match these 5 addresses.
permit 192.168.2.0 0.0.4.0
permit 192.168.11.0 0.0.4.0
permit 192.168.18.0 0.0.0.0
HTH
Rick
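Added example, not part of the original thread: a short Python check of the wildcard-mask reasoning above. It derives the mask for a group by XOR, rejects a single entry that would also match prefixes outside the group, and brute-forces 192.168.X.0 against the three entries from the answer. The function names are my own, not any Cisco tool.

```python
def to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def matches(addr, base, wildcard):
    """Wildcard semantics: 0 bits must match, 1 bits are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def exact_entry(addrs):
    """Return (base, wildcard) matching exactly addrs, or None when a
    single entry would also match addresses outside the group."""
    nums = [to_int(a) for a in addrs]
    wild = 0
    for n in nums:
        wild |= n ^ nums[0]              # every differing bit becomes "ignore"
    covered = 2 ** bin(wild).count("1")  # how many addresses that mask matches
    if covered != len(set(nums)):
        return None                      # over-permissive: refuse to merge
    return to_ip(nums[0] & ~wild & 0xFFFFFFFF), to_ip(wild)

def matched_third_octets(acl):
    """Try every 192.168.X.0 (X = 0..255) against the ACL entries."""
    return [x for x in range(256)
            if any(matches(f"192.168.{x}.0", b, w) for b, w in acl)]

# Prefixes from the question and the three entries from the answer.
PREFIXES = ["192.168.2.0", "192.168.6.0", "192.168.11.0",
            "192.168.15.0", "192.168.18.0"]
ACL = [("192.168.2.0", "0.0.4.0"),
       ("192.168.11.0", "0.0.4.0"),
       ("192.168.18.0", "0.0.0.0")]

if __name__ == "__main__":
    print("ACL matches third octets:", matched_third_octets(ACL))
    print("2 + 6   ->", exact_entry(PREFIXES[0:2]))
    print("11 + 15 ->", exact_entry(PREFIXES[2:4]))
    print("all five in one entry ->", exact_entry(PREFIXES))
```

The brute-force step is the useful habit: before applying a wildcard entry, list everything it matches and confirm nothing unintended is permitted.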
08-17-2007 05:06 AM
Dear Rick,
Thank you very very much for the fast response and also for the detailed explanation. I tried it with other combinations and it works well.
regards.
Moe
08-17-2007 06:49 AM
Moe
I am glad that my explanation helped you to understand this better. Thanks for using the rating system to indicate that your question was resolved (and thanks for the rating). The forum is a very good place to learn concepts like the masking of access lists. I encourage you to continue your participation in the forum.
HTH
Rick