Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1113
Views
0
Helpful
4
Replies

Newbie needs help understanding IP summarization.

ted30
Level 1
Level 1

‎09-26-2022 09:26 AM

So I'm taking a Network Defense course as part of my Cybersecurity training on Cisco's SkillsforAll platform, and I'm a bit confused about an example of Wildcard Mask calculation that they are giving me. The example goes like this:

"Assume you needed an ACE in ACL 10 to permit only networks 192.168.10.0 and 192.168.11.0. These two networks could be summarized as 192.168.10.0/23 which is a subnet mask of 255.255.254.0. Again, you subtract the 255.255.254.0 subnet mask from 255.255.255.255, as shown in the table. This solution produces the wildcard mask 0.0.1.255 ."

What has me confused is how we got those two networks to summarize into 192.168.10.0/23. I tried looking up examples of address summarization, but none of them seem to fit this example. Can someone explain to me how these two addresses got rolled into one? Thanks

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎09-26-2022 09:44 AM

hjjhjjjhjjj.png192.168.10.0/24 host from .10 1-254 total number 256

jhkhjjkkjkhjkj.png192.168.11.0/24 host from .11 1-254 total number 256 

hkhjkkjkhkkk.png192.168.10.0/23 host from total number 512 
I usually use online subnet calculator to check if the host is cover by summary address I use 

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-26-2022 10:05 AM

Hello @ted30 ,

>> Can someone explain to me how these two addresses got rolled into one? Thanks 

My favourite approach is to go directly to binary on the interesting byte that in this case is the third one

192.168.10.0/24

192.168.11.0/24

we focus on the third octet or byte and we convert it in binary  10 =  00001010

In the same manner we convert 11 in binary :    11 = 00001011

Now it is clear that the two prefixes share the same first 23 bits and only the last bit (the less signficant bit ) of the third byte is different

So if you want to write an ACL that matches both prefixes you want an exact match on the first two bytes 192.168. and you want the first 7 bits of the third byte to match.

From this comes the fact that the ACL can be written as

permit 192.168.10.0 0.0.1.255

the 0 in wildcard mask requires an exact match for the first two bytes and the 1 in third position means that the third octet can be 0000 1010 or 00001011.

The final byte has 255 meaning that every value is allowed is a match.

Hope to help

Giuseppe

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-26-2022 02:49 PM - edited ‎09-26-2022 02:50 PM

Both @MHM Cisco World and @Giuseppe Larosa have provided great information, but if you understand subnetting, address summarization (and supernetting) is the "opposite".

For example we can subnet 192.168.4.0/24 into two /25s, 192.168.4.0/25 and 192.168.4.128/25, and those could be subnetted into two /26s, each, 192.168.4.0/26, 192.168.4.64/26 and 192.168.4.128/26, 192.168.4.192/26.

The "tricky" part of summarization (or supernetting) is, NOT overlooking the binary boundaries.  I.e. we can summarize the forgoing two /25s into the /24 or all four /26s into the /24, but we cannot summarize 192.168.4.64/26 and 192.168.4.128/26 into a /25.

Or, more specific in your case, you could not summarize 192.168.9.0/24 and 192.168.10.0/24 or 192.168.11.0/25 and 192.168.12.0 into a /23.

What MHM and Giuseppe show/describe arre two ways to avoid creating incorrect summarization, but hopefully, the above, helps a bit to understand summarization is just the converse of subnetting.

Oh, and if you find subnet masks a bit confusing from wild card masks, in binary, they are the one and zeros opposites of each other.  If a subnet mask is 11111110 (254), the wild card mask would be 00000001 (1).  IPv4 dotted decimal notation sort of "hides" that.

0 Helpful

NetworkDave
Spotlight
Spotlight

‎09-26-2022 05:27 PM

ted30,

Glad you are curious and interested in the concepts!

Here is a fundamental method of figuring out Route Summarization and Wildcard Masks.
   Route Summarization - What Network bits match between the routes?
      Use logical bitwise ANDing to compare the network bits.
                                        |<-------Network bits------->|
         192.168.10.0/24 = 11000000.10101000.0000101 0.00000000 = Route 1
         192.168.11.0/24 = 11000000.10101000.0000101 1.00000000 = Route 2
                                       --------------------------------------
         192.168.10.0/23 = 11000000.10101000.0000101 0.00000000 = Summarized Route
                                       |<--Matching Network bits-->|

   A Wildcard Mask is the inverse (opposite) of the Subnet Mask.
      Take the binary subnet mask and flip each bit - Example: "1 to 0" or "0 to 1".
         255.255.254.    0 = 11111111.11111111.11111110.00000000 = Subnet Mask
             0.    0.    1.255 = 00000000.00000000.00000001.11111111 = Wildcard Mask

@MHM Cisco World, @Giuseppe Larosa. and @Joseph W. Doherty have all posted similar and additional information.

Remember to mark helpful posts and mark the correct answer as a solution - that helps other users with similar questions.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card