Filtering Routes
alright, having a major brain fart on this. so im messing around practicing filtering routes via access list. In the example that i have, for some reason i'm having trouble understanding how they came up with the access list to filter the needed routes. So lets say you have the following routes: 2.2.0.0  2.2.9.0 /24. You want to filter out the odd number routes; so this would be the accesslist:
accesslist 1 deny 2.2.1.0 0.0.254.255
or vice versa of filtering out the even routes it would be:
accesslist 1 deny 2.2.0.0 0.0.254.255
I'm just not getting how the inverse mask is gotten.
Here is the explanation given for the access list:
Explanation of the accesslist:
Example:
Accesslist 1 permit 2.0.0.0 0.255.255.255
In this accesslist
we are permitting any network that matches the result of the
anding of network 2.0.0.0 with an inverse mask of 0.255.255.255. In order for us to
do the anding we must get the regular mask, to get the regular mask, we should
subtract 0.255.255.255 from 255.255.255.255, which results to 255.0.0.0;
Therefore, the anding is as follows:
00000010.00000000.00000000.00000000 Network (In this case 2.0.0.0)
11111111.11111111.11111111.00000000 Regular Mask (In this case 255.255.255.0)
The result of this anding is 2.0.0.0, therefore if the result of the AND matches
network 2.0.0.0, it is permitted, if NOT, it’s denied.
In this task the accesslist
is:
Accesslist
1 deny 2.2.1.0 0.0.254.255
Therefore, in order for us to do the anding, we have to get the regular mask for the
inverse mask of 0.0.254.255, which is; 255.255.255.255 minus 0.0.254.255 equals to
255.255.1.0
00000010.00000010.00000000.00000000 (Network)
11111111.11111111.00000001.00000000 (Regular mask)
The result of this AND is 2.2.0.0, therefore, if it matches 2.2.0.0, it should be denied,
if the network is replaced with other subnets of network 2.2.0.0, we will see that the
ODD numbered networks are all denied.
Sorry for the long post, i the first example but not the last part and how you get the 0.0.254.255. Anyone have a simple way of putting it! lol!
accesslist 1 deny 2.2.1.0 0.0.254.255
or vice versa of filtering out the even routes it would be:
accesslist 1 deny 2.2.0.0 0.0.254.255
I'm just not getting how the inverse mask is gotten.
Here is the explanation given for the access list:
Explanation of the accesslist:
Example:
Accesslist 1 permit 2.0.0.0 0.255.255.255
In this accesslist
we are permitting any network that matches the result of the
anding of network 2.0.0.0 with an inverse mask of 0.255.255.255. In order for us to
do the anding we must get the regular mask, to get the regular mask, we should
subtract 0.255.255.255 from 255.255.255.255, which results to 255.0.0.0;
Therefore, the anding is as follows:
00000010.00000000.00000000.00000000 Network (In this case 2.0.0.0)
11111111.11111111.11111111.00000000 Regular Mask (In this case 255.255.255.0)
The result of this anding is 2.0.0.0, therefore if the result of the AND matches
network 2.0.0.0, it is permitted, if NOT, it’s denied.
In this task the accesslist
is:
Accesslist
1 deny 2.2.1.0 0.0.254.255
Therefore, in order for us to do the anding, we have to get the regular mask for the
inverse mask of 0.0.254.255, which is; 255.255.255.255 minus 0.0.254.255 equals to
255.255.1.0
00000010.00000010.00000000.00000000 (Network)
11111111.11111111.00000001.00000000 (Regular mask)
The result of this AND is 2.2.0.0, therefore, if it matches 2.2.0.0, it should be denied,
if the network is replaced with other subnets of network 2.2.0.0, we will see that the
ODD numbered networks are all denied.
Sorry for the long post, i the first example but not the last part and how you get the 0.0.254.255. Anyone have a simple way of putting it! lol!
Comments

cisco_trooper Too many Member Posts: 1,442 ■■■■□□□□□□Let's start with the wildcard masks that would align with normal CIDR notation boundaries:
/32 0.0.0.0
/31 0.0.0.1
/30 0.0.0.3
/29 0.0.0.7
/28 0.0.0.15
/27 0.0.0.31
/26 0.0.0.63
/25 0.0.0.127
/24 0.0.0.255
/23 0.0.1.255
/22 0.0.3.255
/21 0.0.7.255
/20 0.0.15.255
/19 0.0.31.255
/18 0.0.63.255
/17 0.0.127.255
/16 0.0.255.255
Now, what do you see? 
pham0329 Member Posts: 556simple way of putting it? 255  subnet mask = wildcard mask.
If you have want to filter the 192.168.1.0 255.255.255.224 network, then you would use the wildcard mask of 0.0.0.31 (255  224) 
Monkerz Member Posts: 842See if this doesn't clear things up for you: Filtering RIP routes with an offsetlist « Daniels quest for CCIE

tomaifauchai Member Posts: 301 ■■■□□□□□□□Great article!
I did a small video about it and i'm glad to share it with the community. (Using routemaps with BGP)
Some fun with accesslists  YouTube