Thank you.

Could you please describe the logic you have used. In short.

In wild card mask 0 to check that bit and 1 to ignore that bit.

binary for last octet of 192.168.80.200 is

200=11001000 so wilcard mask of 0.0.0.7 is asking to check for all bits till 11001 and ignore last 3 bits (7=4+2+1)

binary for Next block

208=11010000 have wild card mask 0.0.0.15 (just add the binary value of last 4 zero(bits)

Next time please use only one forum after my posting i saw same question in WAN forum too.

Thanks. Now I will try to calculate another range myself.

192.168.99.50 - 100 /24

Здравствуйте!

You really should read about this because it gets complicated and requires a lot of explaining.

I'll try....

The best way to handle this, especially for you so that you can see exactly what is going on, is to convert the addresses and the ranges to binary.

192.168.80.200 - 207

Lets focus on the last octet range of 200 to 207.

200 base 10 in binary is 11001000

201 base 10 in binary is 11001001

202 base 10 in binary is 11001010

203 base 10 in binary is 11001011

204 base 10 in binary is 11001100

205 base 10 in binary is 11001101

206 base 10 in binary is 11001110

207 base 10 in binary is 11001111

Notice the common bits that never change within that range. They are 11001. The first 5 bits do not change. The ones that do change are the last 3 bits: 000 through 111, and all combinations in between.

Now, 3 bits in binary offers you 8 combinations (as I have just shown), so you can have 8 additional host addresses "added" to the base of 11001 (200).

Do you see that? Stop here and think about it if you dont.

In access lists we use what are called wildcard masks. When converted into binary, a "0" means the match has to be exact. A "1" means that it can vary.

So, if I have an ACL that permits a subnet address and mask of 192.168.80.0 0.0.0.255, it means that, when I convert the mask to binary, I get 00000000.00000000.00000000.11111111. Given that the first 3 octets are represented with "0"s, the first 3 octets must match. However, the 4th octet can be anything. No match. So, all hosts between 192.168.80.0 through 192.168.80.255 will be permitted.

In your case, you want to start matching at 192.168.80.200 and end at 192.168.80.207. This is for the first range of addresses. These are the hosts that will be permitted according to the ACL.

The subnet and mask will be 192.168.80.200 0.0.0.7. The first three octets of the mask (0.0.0) means that the address has to match (192.168.80), and the last octet in the mask of "7" means that the last 3 bits (111), which is 7 (in base 10 - decimal), can vary, from 200 to 207.

I hope this has helped you. As a Russian, you should be laughing at this baby math. :-)

Victor

Thank you.

Спасибо, вот посчитал.

ip access-list standart PAT

remark This permits hosts range 49-62

permit 192.168.99.48 0.0.0.15

remark This permits hosts range 65-78

permit 192.168.99.64 0.0.0.15

remark This permits hosts range 81-94

permit 192.168.99.80 0.0.0.15

for 64 to 96 you dont need 2 statement one is enough

192.168.99.64 0.0.0.31

then 96-99 you need one more with 0.0.0.3