cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1681
Views
35
Helpful
9
Replies

Dividing Subnets

Patrick McHenry
Level 3
Level 3

Hi,

Maybe I'm crazy but, I thought I read once that you could divide a subnet into just certain address in that subnet. For instance you could manipulate the subnet mask as to create a subnet that only used the odd addresses of that subnet.  

Is this possible?

If you took a network like 192.168.1.0 and created a subnet mask that would only have 192.168.1.1,3,5,7,9 etc.... and 192.168.1.2.4.6.8 etc... would not be included.

Thanks, Pat.    

9 Replies 9

John Blakley
VIP Alumni
VIP Alumni

Pat,

You can do that with acls, but I'm not aware of any way to do that with subnets. What are you trying to accomplish?

HTH,

John

HTH, John *** Please rate all useful posts ***

In my ACS server I am allowed to manage 500 IP address. I created a group of network devices that allows 1024 address to be managed because this groups addresses span that large of a scope. Now I'm getting an error message Saying Managed Device Count Exceeded. I'm trying to find a way to manage that large scope but only for every 4th address.

So, 10.20.68.1, 5, 9, 13 would be managed - not 10.20.68.1, 2, 3, 4

Thanks, Pat.

Just realized I didn't need to create such a large group - but it would be good to know if something like this is possible for licensing purposes.

Thanks for you time.

turnera
Level 1
Level 1

Mathmatically it is not possible. You cannot create a subnet mask to filter out odd or even addresses within a range of addresses.

And if you can, then this blows everything I have ever learned on the subject right out the window!!!!

CHAD REID
Level 1
Level 1

Hi Patrick,

I think what you're thinking of is wildcard subnet masking used in ACLs. What you're describing is not possible with subnet masking since the network portion of the subnet must consist of contiguous 1 bits. Not true with wildcard masking. For example, if you wanted to create an ACL wildcard mask that matched on every odd number you would use something like:

10.0.0.1 255.255.255.254

This wildcard mask would match on ANY IP address where the fourth octet is an odd number. It matches only when the last bit, a 1, is set to 1.

Chad,

Please correct me if I am wrong here. But I understand it that you could not have a wildcard mask of 255.255.255.254. Would it not be the inverse, 0.0.0.1, and would it still only just allow 10.0.0.1 to pass and nothing else?

No, wildcard masks do not have to be contiguous in binary. Here's an article I found online that discusses it:

http://cisconinja.wordpress.com/2008/11/21/using-acls-with-non-contiguous-wildcard-bitmasks-an-example/

As a further example, let's say that I wanted to match every IP address that contained an even number in the third ocet. I would use the following wildcard mask:

10.0.0.1 0.0.1.0

That is valid for an Access Control List. How likely are to use this type of matching day to day? Not often. You will primarily see this type of discontiguous wildcard matching when filtering routing updates between two seperate routing protocols or in BGP between autonomous systems. It's also common when creating filters on firewalls.

Very informative article. Thanks Chad.

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

In theory, if hosts just rely on the logical boolean operation between IP number and subnet mask, you should be able to define the network number and host number however you want; as other posters have already described for ACLs.  Don't (immediately) see a reason why a host should have a problem.

So for your example of 192.168.1.0 with IPs being split odd/even between networks, mask might be 255.255.255.1.

However, routers though would likely have a bad case of "indigestion", as, for example, what constitutes the longest prefix?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: