I used to think think this was a pretty difficult topic, but now it seems a lot easier once you break it down the right way. When dealing with even and odd filtering we are only concerned with 1 bit! That is the right-most bit of whatever octet the question is having you focus on. Sometimes questions can be vague so I would say it's a good idea to ask a proctor what octet you need to filter if it's ambiguous.
The rest of this blog will just be examples with short explanations. I will use the word "match" as opposed to "permit" or "deny." Once you now the correct bit pattern you can just insert it into your ACL as necessary.
1) Match the networks with an odd numbered 3rd octet.
Starting off, we don't care about the first, second or third octets so we have:
0.0.x.0 255.255.x.255
The x will be for matching odd numbered networks. All odd numbered networks have one thing in common, they have a 1 in the right-most bit. So now we have:
0.0.1.0 255.255.x.255
Now we need to make sure our wildcard mask matches all networks with a 1 in the right-most bit. In other words, we "care" to match this bit. We don't care about any other bits in this octet so we set them to 1. Now we have:
0.0.1.0 255.255.254.255
2) Match all even networks in the 3rd octect.
What do all even-numbered networks have in common? A 0 in the right-most bit. So we have:
0.0.0.0 255.255.254.255
3) Match odd numbered-networks in the second octet.
Same as example 1 except we are in the 2nd octet.
0.1.0.0 255.254.255.255
4) and so on, you should get the idea by now :)
Friday, September 12, 2008
Subscribe to:
Post Comments (Atom)
Posts
Awesome! No matter how many times I go over this I always tend to forget the 0.0.1.0 for the ODD's thanks!
ReplyDeletewhat about this subnet: 192.168.1.0/24
ReplyDeletedeny only the hosts between 32 and 64,which the fourth octett is odd.