450
Chapter 11
Access Policies
Wildcards
Wildcards are used in access list configuration, in route summarization, and
in Open Shortest Path First (OSPF) configuration. Applying wildcards looks
more difficult than it really is, but it is important to understand how they
work, because a wildcard that is off by one bit quietly permits or denies a
different set of addresses than you intended.
With access lists, wildcards specify a single host, a whole network, or part of
a network. To understand wildcards, you need to understand block sizes. A block
size is the number of consecutive addresses (or networks) that one wildcard can
cover, and it is always a power of two: 128, 64, 32, 16, 8, 4, 2, or 1.
When you need to specify a range of addresses, choose the smallest block size
that is at least as large as the range. For example, if you need to specify 34
networks, you need a block size of 64. If you want to specify 18 hosts, you need
a block size of 32. If you need only 2 networks, a block size of 2 is the exact
fit; a block of 4 would also work, but it would match two networks you did not
ask for. Keep that in mind when the access list is a security boundary: rounding
up to a larger block means the entry also matches every extra address in the
block, so a permit statement written for 34 networks that rounds up to 64 also
permits 30 networks you never listed.
A wildcard is paired with a host or network address to tell the router which
range of addresses to filter. The wildcard is really a bit mask: a 0 bit means
that bit of the address must match exactly, and a 1 bit means the router
ignores that bit. When you work in whole octets, an octet of 0 means match
exactly and an octet of 255 means any value. To specify a single host, the
address and wildcard look like this:
172.16.30.5 0.0.0.0
The four zeros cover every octet of the address, so all 32 bits must match
exactly. (Cisco IOS also accepts the keyword form host 172.16.30.5 as shorthand
for this pair.) Here is how a full subnet is specified with a wildcard:
172.16.30.0 0.0.0.255
This tells the router to match the first three octets exactly, but the fourth
octet can be any value, so the entry covers 172.16.30.0 through 172.16.30.255.
Now, that was the easy part. What if you want to specify only a small range of
subnets? This is where the block sizes come in. You must express the range as
a block size. In other words, you can't specify exactly 20 networks; you can
specify only a count equal to a block size value. The range would have to be
either 16 or 32, not 20.
Let's say that you want to block access to a part of a network, the part that's
in the range from 172.16.8.0 through 172.16.15.0. That is eight consecutive /24
networks, a block size of 8. Your network number would be 172.16.8.0, and the
wildcard would be 0.0.7.255. Where does the 7.255 come from? The wildcard value
in each octet is the block size in that octet minus one: 8 minus 1 gives 7 in
the third octet, and 255 in the fourth octet because every host in each of
those networks is included. The network and wildcard together tell the router
to start at 172.16.8.0 and go up a block of eight networks to 172.16.15.0, that
is, every address from 172.16.8.0 through 172.16.15.255.
Two rules go with this. First, the starting network must sit on a block
boundary: 172.16.8.0 works for a block of 8 because 8 is a multiple of 8, but
172.16.12.0 0.0.7.255 does not mean 12 through 19. The router ignores every
address bit that sits under a 1 in the wildcard, so that entry matches
172.16.8.0 through 172.16.15.255 exactly as the aligned entry does. Second,
work out the first and last address an entry really covers before you apply the
access list, because a misaligned or oversized block changes what the entry
permits or denies.
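To make these rules concrete, here is an added example in Python (not code from the book) that models how a router applies a wildcard, derives the block size and wildcard for a range of networks or hosts, and reports when a starting address is not on a block boundary. The function names, the access list number 10, and the sample addresses reused from this chapter are my own choices; the access-list statement text it generates is the standard Cisco IOS form.

```python
"""Cisco-style wildcard mask arithmetic (added example, not from the book).

Constructed sample inputs reuse the chapter's addresses: host 172.16.30.5,
network 172.16.30.0/24, and the block 172.16.8.0 through 172.16.15.0.
"""
import ipaddress
from typing import Tuple

MASK32 = 0xFFFFFFFF


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value & MASK32))


def wildcard_match(base: str, wildcard: str, addr: str) -> bool:
    """Router test: address bits under a 0 in the wildcard must equal the base,
    bits under a 1 are ignored."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(addr) & care) == (to_int(base) & care)


def covered_range(base: str, wildcard: str) -> Tuple[str, str]:
    """First and last address the entry really matches. Base bits under wildcard
    1-bits play no part, so a misaligned base is pulled down to the block start."""
    care = ~to_int(wildcard) & MASK32
    first = to_int(base) & care
    last = first | to_int(wildcard)
    return to_str(first), to_str(last)


def block_size(count: int) -> int:
    """Smallest power of two >= count: the only sizes a wildcard can express."""
    if count < 1:
        raise ValueError("count must be positive")
    size = 1
    while size < count:
        size <<= 1
    return size


def overmatch(count: int) -> int:
    """How many extra networks (or hosts) the rounded-up block also matches."""
    return block_size(count) - count


def is_block_aligned(first_net: str, count: int, prefix: int = 24) -> bool:
    """True if first_net sits on a boundary of a block_size(count) block of /prefix nets."""
    span = block_size(count) << (32 - prefix)   # addresses in the whole block
    return to_int(first_net) % span == 0


def wildcard_for_range(first_net: str, count: int, prefix: int = 24) -> Tuple[str, str]:
    """Base and wildcard covering `count` consecutive /prefix networks from first_net.
    Use prefix=32 to count hosts. Raises ValueError if first_net is misaligned."""
    span = block_size(count) << (32 - prefix)
    base = to_int(first_net)
    if not is_block_aligned(first_net, count, prefix):
        raise ValueError(
            f"{first_net} is not on a {block_size(count)}-network boundary; "
            f"the router would match from {to_str(base - base % span)} instead")
    return to_str(base), to_str(span - 1)


def ios_acl_line(number: int, action: str, base: str, wildcard: str) -> str:
    """Render a standard IOS access-list statement (the list number is arbitrary)."""
    if wildcard == "0.0.0.0":
        return f"access-list {number} {action} host {base}"
    return f"access-list {number} {action} {base} {wildcard}"


if __name__ == "__main__":
    base, wc = wildcard_for_range("172.16.8.0", 8)
    print(ios_acl_line(10, "deny", base, wc))            # 172.16.8.0 0.0.7.255
    print(covered_range(base, wc))                       # 172.16.8.0 .. 172.16.15.255
    print(covered_range("172.16.12.0", "0.0.7.255"))    # same block, not 12 through 19
    print(ios_acl_line(10, "permit", *wildcard_for_range("172.16.30.5", 1, 32)))
    for n in (34, 18, 2, 20):
        print(n, "->", block_size(n), "extra:", overmatch(n))
```

Run it as a script to see the generated statements; the interesting line is the `covered_range` call for 172.16.12.0, which shows the misaligned entry collapsing onto the 172.16.8.0 block. Before committing an access list, feed each base/wildcard pair through `covered_range` and compare the result with the range you meant to filter.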
Copyright ©2000 SYBEX, Inc., Alameda, CA
www.sybex.com