Maybe I'm crazy but, I thought I read once that you could divide a subnet into just certain address in that subnet. For instance you could manipulate the subnet mask as to create a subnet that only used the odd addresses of that subnet.
Is this possible?
If you took a network like 192.168.1.0 and created a subnet mask that would only have 192.168.1.1,3,5,7,9 etc.... and 192.168.1.2.4.6.8 etc... would not be included.
You can do that with acls, but I'm not aware of any way to do that with subnets. What are you trying to accomplish?
In my ACS server I am allowed to manage 500 IP address. I created a group of network devices that allows 1024 address to be managed because this groups addresses span that large of a scope. Now I'm getting an error message Saying Managed Device Count Exceeded. I'm trying to find a way to manage that large scope but only for every 4th address.
So, 10.20.68.1, 5, 9, 13 would be managed - not 10.20.68.1, 2, 3, 4
Just realized I didn't need to create such a large group - but it would be good to know if something like this is possible for licensing purposes.
Thanks for you time.
Mathmatically it is not possible. You cannot create a subnet mask to filter out odd or even addresses within a range of addresses.
And if you can, then this blows everything I have ever learned on the subject right out the window!!!!
I think what you're thinking of is wildcard subnet masking used in ACLs. What you're describing is not possible with subnet masking since the network portion of the subnet must consist of contiguous 1 bits. Not true with wildcard masking. For example, if you wanted to create an ACL wildcard mask that matched on every odd number you would use something like:
This wildcard mask would match on ANY IP address where the fourth octet is an odd number. It matches only when the last bit, a 1, is set to 1.
Please correct me if I am wrong here. But I understand it that you could not have a wildcard mask of 255.255.255.254. Would it not be the inverse, 0.0.0.1, and would it still only just allow 10.0.0.1 to pass and nothing else?
No, wildcard masks do not have to be contiguous in binary. Here's an article I found online that discusses it:
As a further example, let's say that I wanted to match every IP address that contained an even number in the third ocet. I would use the following wildcard mask:
That is valid for an Access Control List. How likely are to use this type of matching day to day? Not often. You will primarily see this type of discontiguous wildcard matching when filtering routing updates between two seperate routing protocols or in BGP between autonomous systems. It's also common when creating filters on firewalls.
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
In theory, if hosts just rely on the logical boolean operation between IP number and subnet mask, you should be able to define the network number and host number however you want; as other posters have already described for ACLs. Don't (immediately) see a reason why a host should have a problem.
So for your example of 192.168.1.0 with IPs being split odd/even between networks, mask might be 255.255.255.1.
However, routers though would likely have a bad case of "indigestion", as, for example, what constitutes the longest prefix?