My Cart
Thank you very much for the excellent study material without which I would have had no chance of passing my CCIE R&S Lab.
I passed my R&S Lab in Brussels on Friday 25th April on my 2nd attempt.
Your Lab Workbook is excellent and really covers all technologies. I also found the Advanced Technologies Class and R&S Class-on-Demand excellent resources when starting out on the long lab journey.
Craig Campbell
CCIE #20641
CCIE Lab Preparation Resources
Computing Access-List and Wildcard Pairs
by: Brian McGahan, CCIE #8593
Introduction:Access-list address and wildcard pair calculations are based on the AND and XOR logic gates.
AND: The output is true only when both inputs A and B are true.
XOR: The output is true when either inputs A or B are true, but not if both A and B are true.
To find the most specific address and wildcard pair that will match two addresses, A and B, we use the gates AND and XOR. The address we will check in the access-list is A AND B. The wildcard used to check in this list will be A XOR B. Syntax is as follows:
Create an access-list in one line that matches the two IP addresses 10.20.30.40 and 40.30.20.10. This access-list should be as efficient as possible. Do not worry about overlapping address space.
How do we create an access-list that is the most specific match for these two addresses? First, write both addresses out in binary:
Next, to find the address, take the logical AND of these addresses.
The result is our address: 8.20.20.8
Next, to find the matching wildcard, take the logical XOR of these addresses.
The result is our wildcard: 34.10.10.34
Therefore, the most specific match for both 10.20.30.40 and 40.30.20.10 is:
access-list 1 permit 8.20.20.8 34.10.10.34
Example 2:The following networks are being learned through a dynamic routing protocol:
10.0.0.0/16
10.4.0.0/16
10.32.0.0/16
10.36.0.0/16
Create an access-list to apply as a distribute-list. In one line, this access-list should permit these four prefixes, and deny everything else. Do not permit any other networks.
First, write all addresses out in binary:
Next, to find the address, take the logical AND of these addresses.
The result is our address: 10.0.0.0
Next, to find the matching wildcard, take the logical XOR of these addresses.
The result is our wildcard: 0.36.0.0
Therefore, in order to match the above networks in a single line, the access-list would read:
access-list 1 permit 10.0.0.0 0.36.0.0
How do we know if we are overlapping address space?The amount of bits set in the wildcard mask directly corresponds to the number of addresses the access-list will match.
In the first case, the amount of bits set in the wildcard mask is 8. 8 bits set result in 256 combinations (28 = 256). It is evident that there is much overlap in this address space. However, the resulting access-list is the most specific match possible in one line.
In the second case, 2 bits are set in the wildcard mask, the 32 bit and the 4 bit. 2 bits set result in 4 combinations (22 = 4). In this case, it is evident that these four combinations are the said networks in question.
© 2003 Internetwork Expert, Inc.
R&S Mock Lab Workshop
R&S Advanced Technologies Class-on-Demand
R&S Lab Workbook Volume I
R&S Lab Workbook Volume II
R&S Lab Workbook Volume III
R&S Mock Lab Exams
R&S Advanced Technologies Audio Class
R&S Rack Rentals
Toll Free (US & Canada):
(877) 224.8987 x1
International:
+1.775.826.4344 x1
Fax:
+1.775.826.4344
Email:
Sales
Support
Customer Service
Shipping
Main Sales Office (US):
10627 Professional Circle
Reno, NV 89521