Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1237
Views
5
Helpful
3
Replies

Wildcard Mask odd/even matching - a step further - 2 questions

Go to solution
mmanthe
Level 1
Level 1

‎02-28-2019 11:44 AM

I know the whole wildcard mask odd/even matching thing has been discussed and the info is out there for the finding. But as I was digging a little deeper, I came up with a couple of questions I could not find satisfactory answers for. This is really just a mental exercise, but I'm hoping someone out there knows:

 

1. Can odd/even matching be extended (at the bit level) to 'weirder' levels? For example, if for some really weird, deep-state, tin-foil hat reason you wanted to match only addresses from the 192.168.10.0/24 subnet whose last 2 (least significant) bits were 0 (e.g. every 4th useable IP address)...

 

In which: 

 

The wildcard mask would be 0.0.0.252 (252 = 11111100)

 

Such that:

 

The ACL would be:

access-list 1 perit 192.168.10.0 0.0.0.252

 

Would this work the way I'm thinking it would?

 

2. When using this 'trick' to match on addresses or subnets, does it start from the address or subnet you specify and go up?

 

For example - if I wanted to match all EVEN addresses from the 192.168.10.0/24 network, and I created the following:

 

access-list 1 permit 192.168.10.0 0.0.0.254

 

it would match 192.168.10.2, 192.168.10.4, 192.168.10.6...and so on through .254

 

BUT, if I were to create:

 

access-list 1 permit 192.168.10.28 0.0.0.254

 

would it start from 192.168.10.28 and go to 192.168.10.30, 192.168.10.32...etc, up to .254?

 

Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-28-2019 12:27 PM - edited ‎02-28-2019 12:28 PM

 

1) Yes to what you say. 

 

2) My first instinct was it would match every even subnet in the 192.168.10.0/24 network but wasn't sure so I did a quick lab and it does indeed match every even subnet starting at 192.168.10.2.

 

Jon

View solution in original post

3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-28-2019 12:27 PM - edited ‎02-28-2019 12:28 PM

 

1) Yes to what you say. 

 

2) My first instinct was it would match every even subnet in the 192.168.10.0/24 network but wasn't sure so I did a quick lab and it does indeed match every even subnet starting at 192.168.10.2.

 

Jon

Go to solution
mmanthe
Level 1
Level 1
In response to Jon Marshall

‎02-28-2019 12:49 PM

Outstanding! Thanks you.
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-01-2019 10:00 AM

Yes, because "under-the-covers" you're doing boolean algebra, i.e. masking is done with a boolean "and". Once you understand that, you could do some really odd looking ACLs, such as network and host portions of an IP address "intermixed", or groups of hosts in "jumps", as you're doing (although only "even/odd" - the last bit).
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card