Task 9.1

Experts,

Let me first state I am not a binary wiz!   I am looking at this task and I think I figured out the answer, but need confromation I am on the correct track.  The task states match all the the following host in a ACL with minimal lines.

Hosts

200.0.1.2
200.0.3.2
200.0.3.10
200.0.1.18
200.0.3.26
200.0.1.10
200.0.3.18
200.0.1.26

So if I look at this at the bit boundry... I worry about the 3rd octet.

         128   64   32   16   8   4   2   1
--------------------------------------------
1     |   0     0    0    0   0   0   0   1
3     |   0     0    0    0   0   0   1   1

 so in the 3rd octet the only bit that will change is in the 2 postion

and in the 4th octet

         128   64   32   16   8   4   2   1
--------------------------------------------
2      |   0     0    0    0   0   0   1   0
10    |   0     0    0    0   1   0   1   0
18    |   0     0    0    1   0   0   1   0
26    |   0     0    0    1   1   0   1   0

 

The bits that change are in the 16 and 8 slots.

 

So to make this work with a reverse mask....

200.0.1.2 0.0.2.24

In the network number move your starting point to 1 and in the netmask the 2 is from the bits postion.  And in the 4th octet you move your start postion to 2 and in the netmask you add the 16 and 8 bits together to get 24 for the inverse mask to get the above answer.

Is my thinking correct here???  Do you add the 16 and the 8 together b/c they are the ones that I am worried about changing?

 

Chris

 

 

 

 

Comments

  • Errrr

    You are on the right track, I believe you have the IP address correct - but remember what the wildcard mask is doing...it is saying, "what bits in the address do I care about?"

    In the first and second octets, you want to match (you care about) every single bit - thus zeros. In the third and forth octets, what bits do you care about? Those positions will get the zero wildcard mask bit - and the others will get a 1. 

    In the third octet - it looks like to me that you want to make sure the first bit (rightmost) is a 1. So isn't the right wildcard mask 254? You could care less about anything but the rightmost bit. 

  • [:O]

    I just saw you were quoting our solution! I will have a closer look. We must be up to something a bit fancier than I was suggesting...

  • OK, OK - my line of logic was going to be too general and "over-match" too much address space.

    Check out the two blog post series from our own Scott Morris on how to walk through examples like these and others!

    http://blog.internetworkexpert.com/2008/09/15/binary-math-part-i/

  • 200.0.1.2
    200.0.3.2
    200.0.3.10
    200.0.1.18
    200.0.3.26
    200.0.1.10
    200.0.3.18
    200.0.1.26

    1st and 2nd octet

    Decimal => Binary

    200.0. => 11001000.00000000

    200.0. => 11001000.00000000

                  ...

    200.0. => 11001000.00000000

    ======================= AND

    200.0 => 11001000.00000000

     

    Decimal => Binary

    200.0. => 11001000.00000000

    200.0. => 11001000.00000000

                  ...

    200.0. => 11001000.00000000

    ======================= XOR

    0.0 => 00000000.00000000

     

    Thus 200.0 becomes 1st and 2nd octet of address part

    and 0.0 becomes 1st and 2nd octet of wildcard mask part

     

    access-list 1 permit 200.0.1.2 0.0.2.24

    will be the final answer

  • chris,

    Looks like your solution is good to go and this is pretty old reponse, as I just reached at this point.  Interestingly I found your way of calculating wildcard easier as compared to calculation of netmask and then subtracting that from mask, like if we have netmask x.x.x.252 and then subtract from x.x.x.255 and the result is wilrd card.  Can you tell me the source of this way of calculation, as this is my very weak point and I want to learn it well to be fast on this.  Thanks for great post btw.

    Zaheer

Sign In or Register to comment.