Note: Subnet masks can also be represented as a fixed-length
notation. For example, 192.168.10.0/24 represents 192.168.10.0
255.255.255.0.
This list describes how to summarize a range of networks into
a single network for ACL optimization. Consider these networks.
192.168.32.0/24
192.168.33.0/24
192.168.34.0/24
192.168.35.0/24
192.168.36.0/24
192.168.37.0/24
192.168.38.0/24
192.168.39.0/24
The first two octets and the last octet are the
same for each network. This table is an explanation of how
to summarize these into a single network.
The third octet for the previous networks can be written
as seen in this table, according to the octet bit position and
address value for each bit.
| Decimal | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
|---------|-----|----|----|----|---|---|---|---|
| 32      | 0   | 0  | 1  | 0  | 0 | 0 | 0 | 0 |
| 33      | 0   | 0  | 1  | 0  | 0 | 0 | 0 | 1 |
| 34      | 0   | 0  | 1  | 0  | 0 | 0 | 1 | 0 |
| 35      | 0   | 0  | 1  | 0  | 0 | 0 | 1 | 1 |
| 36      | 0   | 0  | 1  | 0  | 0 | 1 | 0 | 0 |
| 37      | 0   | 0  | 1  | 0  | 0 | 1 | 0 | 1 |
| 38      | 0   | 0  | 1  | 0  | 0 | 1 | 1 | 0 |
| 39      | 0   | 0  | 1  | 0  | 0 | 1 | 1 | 1 |
|         | M   | M  | M  | M  | M | D | D | D |
Since the first five bits match, the previous eight
networks can be summarized into one network (192.168.32.0/21 or
192.168.32.0 255.255.248.0). All eight possible combinations of the
three low-order bits are relevant for the network ranges in
question. This command defines an ACL that permits this network. If you
subtract 255.255.248.0 (normal mask) from 255.255.255.255, it yields
0.0.7.255.
access-list acl_permit permit ip 192.168.32.0 0.0.7.255
Consider this set of networks for further explanation.
192.168.146.0/24
192.168.147.0/24
192.168.148.0/24
192.168.149.0/24
The first two octets and the last octet are the
same for each network. This table is an explanation of how
to summarize these.
The third octet for the previous networks can be written
as seen in this table, according to the octet bit position and
address value for each bit.
| Decimal | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
|---------|-----|----|----|----|---|---|---|---|
| 146     | 1   | 0  | 0  | 1  | 0 | 0 | 1 | 0 |
| 147     | 1   | 0  | 0  | 1  | 0 | 0 | 1 | 1 |
| 148     | 1   | 0  | 0  | 1  | 0 | 1 | 0 | 0 |
| 149     | 1   | 0  | 0  | 1  | 0 | 1 | 0 | 1 |
|         | M   | M  | M  | M  | M | ? | ? | ? |
Unlike the previous example, you cannot summarize these networks into a
single network. You need a minimum of two networks. The previous
networks can be summarized into these two networks:
* For networks 192.168.146.x and 192.168.147.x, all bits match
except for the last one, which is a "don't care". This can be
written as 192.168.146.0/23 (or 192.168.146.0 255.255.254.0).
* For networks 192.168.148.x and 192.168.149.x, all bits match
except for the last one, which is a "don't care". This can be
written as 192.168.148.0/23 (or 192.168.148.0 255.255.254.0).
This output defines a summarized ACL for the above networks.
access-list 10 permit ip 192.168.146.0 0.0.1.255
access-list 10 permit ip 192.168.148.0 0.0.1.255
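
The two summarizations above can be checked mechanically. The following Python sketch is an added example, not part of the original page: it collapses a list of networks into the smallest exact set of blocks, renders the entries with wildcard masks, and goes one step beyond the text by listing which networks a single covering block would permit without being requested. The function names are hypothetical; only the standard `ipaddress` module is used.

```python
import ipaddress

# Network ranges taken from the two worked examples above.
RANGE_A = [f"192.168.{o}.0/24" for o in range(32, 40)]
RANGE_B = [f"192.168.{o}.0/24" for o in range(146, 150)]

def summarize(cidrs):
    """Collapse networks into the smallest exact set of CIDR blocks."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))

def acl_lines(acl_name, cidrs):
    """One permit entry per summarized block, in the page's ACL syntax.
    hostmask is the wildcard mask (255.255.255.255 minus the subnet mask)."""
    return [f"access-list {acl_name} permit ip {n.network_address} {n.hostmask}"
            for n in summarize(cidrs)]

def single_supernet(cidrs):
    """Smallest single block that covers every input network."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()  # widen by one bit and retry
    return block

def over_permitted(cidrs):
    """Blocks a single covering entry would permit that were never requested."""
    extra = [single_supernet(cidrs)]
    for wanted in summarize(cidrs):
        remaining = []
        for e in extra:
            if wanted.subnet_of(e):
                remaining.extend(e.address_exclude(wanted))
            else:
                remaining.append(e)
        extra = remaining
    return sorted(ipaddress.collapse_addresses(extra))

if __name__ == "__main__":
    for name, cidrs in (("acl_permit", RANGE_A), ("10", RANGE_B)):
        print("\n".join(acl_lines(name, cidrs)))
        print("single block:", single_supernet(cidrs),
              "extra:", [str(n) for n in over_permitted(cidrs)])
```

For the second range the only single covering block is 192.168.144.0/21, which would also permit 192.168.144.0/23 and 192.168.150.0/23; that is why the page uses two /23 entries instead.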