Experts,

Let me first state I am not a binary wiz!   I am looking at this task and I think I figured out the answer, but need confromation I am on the correct track.  The task states match all the the following host in a ACL with minimal lines.

Hosts

200.0.1.2
200.0.3.2
200.0.3.10
200.0.1.18
200.0.3.26
200.0.1.10
200.0.3.18
200.0.1.26

So if I look at this at the bit boundry... I worry about the 3rd octet.

128   64   32   16   8   4   2   1
--------------------------------------------
1     |   0     0    0    0   0   0   0   1
3     |   0     0    0    0   0   0   1   1

so in the 3rd octet the only bit that will change is in the 2 postion

and in the 4th octet

128   64   32   16   8   4   2   1
--------------------------------------------
2      |   0     0    0    0   0   0   1   0
10    |   0     0    0    0   1   0   1   0
18    |   0     0    0    1   0   0   1   0
26    |   0     0    0    1   1   0   1   0

The bits that change are in the 16 and 8 slots.

So to make this work with a reverse mask....

200.0.1.2 0.0.2.24

In the network number move your starting point to 1 and in the netmask the 2 is from the bits postion.  And in the 4th octet you move your start postion to 2 and in the netmask you add the 16 and 8 bits together to get 24 for the inverse mask to get the above answer.

Is my thinking correct here???  Do you add the 16 and the 8 together b/c they are the ones that I am worried about changing?

Chris

• Errrr

You are on the right track, I believe you have the IP address correct - but remember what the wildcard mask is doing...it is saying, "what bits in the address do I care about?"

In the first and second octets, you want to match (you care about) every single bit - thus zeros. In the third and forth octets, what bits do you care about? Those positions will get the zero wildcard mask bit - and the others will get a 1.

In the third octet - it looks like to me that you want to make sure the first bit (rightmost) is a 1. So isn't the right wildcard mask 254? You could care less about anything but the rightmost bit.

• [:O]

I just saw you were quoting our solution! I will have a closer look. We must be up to something a bit fancier than I was suggesting...

• OK, OK - my line of logic was going to be too general and "over-match" too much address space.

Check out the two blog post series from our own Scott Morris on how to walk through examples like these and others!

http://blog.internetworkexpert.com/2008/09/15/binary-math-part-i/

• 200.0.1.2
200.0.3.2
200.0.3.10
200.0.1.18
200.0.3.26
200.0.1.10
200.0.3.18
200.0.1.26

1st and 2nd octet

Decimal => Binary

200.0. => 11001000.00000000

200.0. => 11001000.00000000

...

200.0. => 11001000.00000000

======================= AND

200.0 => 11001000.00000000

Decimal => Binary

200.0. => 11001000.00000000

200.0. => 11001000.00000000

...

200.0. => 11001000.00000000

======================= XOR

0.0 => 00000000.00000000

Thus 200.0 becomes 1st and 2nd octet of address part

and 0.0 becomes 1st and 2nd octet of wildcard mask part

access-list 1 permit 200.0.1.2 0.0.2.24