range hosts in ACL using wildcard mask

Is it possible to specify a range of hosts in ACL using wildcard masks ?

eg.

192.168.2.10 to 192.168.2.70, using default subnet mask.

Find more posts tagged with

Comments

Danman32

Looking over the Cisco documentation that MacWhizard listed, you would have the bit mask continue with 1's for the remaining rightmost bits once you started a 'don't care' with a bit. So '10001101' doesn't seem legal.

Even if it is legal, I don't think a complex mask like that would appear on the exam.

BubbaJ

Danman32 wrote:

Even if it is legal, I don't think a complex mask like that would appear on the exam.

I doubt that is CCNA level material, but you will find complex things like that on CCIE exams. You will see things like a list of seemingly different networks and be asked to make a single (or as few as possible) ACL entry to cover them all.

macwhizard

does it mean a mask of x.x.x.0000 00 11 (6bits must match) can be specified as long as first 6 bits match ?

1000 00 00 = 128
1000 00 01 = 129
1000 00 10 = 130
1000 00 11 = 131

0000 01 00 = 4
0000 01 01 = 5
0000 01 10 = 6
0000 01 11 = 7

1100 10 00 = 200
1100 10 01 = 201

macwhizard

BubbaJ wrote:

I doubt that is CCNA level material, but you will find complex things like that on CCIE exams.

whether CCIE or more advanced, it is better to learn the proper thing throughly when you start, once you get the wrong concepts, it is very difficult to correct.

BubbaJ

macwhizard wrote:

does it mean a mask of x.x.x.0000 00 11 (6bits must match) can be specified as long as first 6 bits match ?

1000 00 00 = 128
1000 00 01 = 129
1000 00 10 = 130
1000 00 11 = 131

0000 01 00 = 4
0000 01 01 = 5
0000 01 10 = 6
0000 01 11 = 7

1100 10 00 = 200
1100 10 01 = 201

: :

The first 6 bits must match. The 1s are "don't care" bits, meaning that they can be 1 or 0. If there are two of these bits, there are 4 possible addresses that match (2^2=4).