cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

929
Views
35
Helpful
9
Replies
Highlighted
Participant

Dividing Subnets

Hi,

Maybe I'm crazy but, I thought I read once that you could divide a subnet into just certain address in that subnet. For instance you could manipulate the subnet mask as to create a subnet that only used the odd addresses of that subnet.  

Is this possible?

If you took a network like 192.168.1.0 and created a subnet mask that would only have 192.168.1.1,3,5,7,9 etc.... and 192.168.1.2.4.6.8 etc... would not be included.

Thanks, Pat.    

Everyone's tags (1)
9 REPLIES 9
Advisor

Dividing Subnets

Pat,

You can do that with acls, but I'm not aware of any way to do that with subnets. What are you trying to accomplish?

HTH,

John

HTH, John *** Please rate all useful posts ***
Participant

Dividing Subnets

In my ACS server I am allowed to manage 500 IP address. I created a group of network devices that allows 1024 address to be managed because this groups addresses span that large of a scope. Now I'm getting an error message Saying Managed Device Count Exceeded. I'm trying to find a way to manage that large scope but only for every 4th address.

So, 10.20.68.1, 5, 9, 13 would be managed - not 10.20.68.1, 2, 3, 4

Thanks, Pat.

Participant

Dividing Subnets

Just realized I didn't need to create such a large group - but it would be good to know if something like this is possible for licensing purposes.

Thanks for you time.

Beginner

Dividing Subnets

Mathmatically it is not possible. You cannot create a subnet mask to filter out odd or even addresses within a range of addresses.

And if you can, then this blows everything I have ever learned on the subject right out the window!!!!

Beginner

Re: Dividing Subnets

Hi Patrick,

I think what you're thinking of is wildcard subnet masking used in ACLs. What you're describing is not possible with subnet masking since the network portion of the subnet must consist of contiguous 1 bits. Not true with wildcard masking. For example, if you wanted to create an ACL wildcard mask that matched on every odd number you would use something like:

10.0.0.1 255.255.255.254

This wildcard mask would match on ANY IP address where the fourth octet is an odd number. It matches only when the last bit, a 1, is set to 1.

Beginner

Re: Dividing Subnets

Chad,

Please correct me if I am wrong here. But I understand it that you could not have a wildcard mask of 255.255.255.254. Would it not be the inverse, 0.0.0.1, and would it still only just allow 10.0.0.1 to pass and nothing else?

Beginner

Re: Dividing Subnets

No, wildcard masks do not have to be contiguous in binary. Here's an article I found online that discusses it:

http://cisconinja.wordpress.com/2008/11/21/using-acls-with-non-contiguous-wildcard-bitmasks-an-example/

As a further example, let's say that I wanted to match every IP address that contained an even number in the third ocet. I would use the following wildcard mask:

10.0.0.1 0.0.1.0

That is valid for an Access Control List. How likely are to use this type of matching day to day? Not often. You will primarily see this type of discontiguous wildcard matching when filtering routing updates between two seperate routing protocols or in BGP between autonomous systems. It's also common when creating filters on firewalls.

Beginner

Re: Dividing Subnets

Very informative article. Thanks Chad.

VIP Expert

Re: Dividing Subnets

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

In theory, if hosts just rely on the logical boolean operation between IP number and subnet mask, you should be able to define the network number and host number however you want; as other posters have already described for ACLs.  Don't (immediately) see a reason why a host should have a problem.

So for your example of 192.168.1.0 with IPs being split odd/even between networks, mask might be 255.255.255.1.

However, routers though would likely have a bad case of "indigestion", as, for example, what constitutes the longest prefix?

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards