Distribution Layer Policy
It is actually easier than it looks. We could certainly go through the binary
math for you, but actually, all you have to do is remember that the wildcard
is always one number less than the block size. So, in our example, the
wildcard would be 7 because our block size is 8. If you used a block size of 16,
the wildcard would be 15. Easy, huh?
Here are some examples to help you really understand it.
The following example tells the router to match the first three octets
exactly but that the fourth octet can be anything:
RouterA(config)#access-list 10 deny 172.16.10.0 0.0.0.255
The next example tells the router to match the first two octets and that the
last two octets can be any value:
RouterA(config)#access-list 10 deny 172.16.0.0 0.0.255.255
Try to figure out this next line:
RouterA(config)#access-list 10 deny 172.16.16.0 0.0.3.255
The above configuration tells the router to start at network 172.16.16.0 and
use a block size of 4. The range would then be 172.16.16.0 through
172.16.19.0.
The example below shows an access list starting at 172.16.16.0 and going
up a block size of 8 to 172.16.23.0:
RouterA(config)#access-list 10 deny 172.16.16.0 0.0.7.255
The next example starts at network 172.16.32.0 and goes up a block size
of 32 to 172.16.63.0:
RouterA(config)#access-list 10 deny 172.16.32.0 0.0.31.255
This last example starts at network 172.16.64.0 and goes up a block size
of 64 to 172.16.127.0:
RouterA(config)#access-list 10 deny 172.16.64.0 0.0.63.255
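The block-size arithmetic above can be checked mechanically. The following Python sketch is an added example, not code from the book: it parses a standard access-list line, applies the bitwise comparison a wildcard mask implies, and reports the first and last address covered (the last address is the .255 host of the final network in the block). The function names are hypothetical, and the third sample line is constructed to show a start that is off the block boundary.

```python
import ipaddress

def parse_acl(line):
    """Split a standard ACL line into (action, base, wildcard) integers."""
    _prompt, keyword, rest = line.partition("access-list")
    fields = rest.split()  # number, action, address, wildcard
    if not keyword or len(fields) != 4:
        raise ValueError("expected: access-list <n> <action> <addr> <wildcard>")
    _number, action, addr, wild = fields
    return action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def matches(line, packet_ip):
    """Bits set in the wildcard are ignored; every other bit must equal the base."""
    _action, base, wildcard = parse_acl(line)
    return (int(ipaddress.IPv4Address(packet_ip)) ^ base) & ~wildcard == 0

def acl_range(line):
    """Describe the block covered by a contiguous wildcard."""
    action, base, wildcard = parse_acl(line)
    if wildcard & (wildcard + 1):
        raise ValueError("wildcard is not a contiguous run of low-order bits")
    first = base & ~wildcard   # clear the ignored bits
    last = first | wildcard    # set them all for the top of the range
    octets = wildcard.to_bytes(4, "big")
    return {
        "action": action,
        "first": str(ipaddress.IPv4Address(first)),
        "last": str(ipaddress.IPv4Address(last)),
        # Block size in the first octet the wildcard touches: wildcard + 1.
        "block_size": next((o + 1 for o in octets if o), 1),
        # A start such as 12 with a block size of 8 is off the block boundary.
        "aligned": base & wildcard == 0,
    }

if __name__ == "__main__":
    samples = [
        "RouterA(config)#access-list 10 deny 172.16.16.0 0.0.3.255",
        "RouterA(config)#access-list 10 deny 172.16.64.0 0.0.63.255",
        # Constructed line, not from the book: block size 8 starting at 12.
        "RouterA(config)#access-list 10 deny 172.16.12.0 0.0.7.255",
    ]
    for sample in samples:
        print(sample.split("#")[1], "->", acl_range(sample))
```

For the constructed misaligned line, the comparison ignores the low three bits of the third octet, so the entry covers 172.16.8.0 through 172.16.15.255 rather than a range beginning at 172.16.12.0.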
Here are two more things to keep in mind when you're working with
block sizes and wildcards:
Each block size must start at 0. For example, you can't say that you
want a block size of 8 and start at 12. You must use 0-7, 8-15, 16-23,
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com