| Author |
wild mask for odd number IP addresses?
|
|
| whoameye 2001-10-22, 4:20 pm |
| How would you filter out odd number IP in a certain subnet?
I have admins and faculty computer and would like to deny access to telnet for faculty.
I am creating an extended IP access list to deny tcp source address but I was unsure what address to use. For example IP address of one faculty is 165.2.1.67. How would the wildcard mask work. I would have to match first three but what would be the last one?
Any and all comments will be greatly appreciated. | |
| ahpama 2001-10-22, 4:32 pm |
| quote:
Originally posted by whoameye
How would you filter out odd number IP in a certain subnet?
I have admins and faculty computer and would like to deny access to telnet for faculty.
I am creating an extended IP access list to deny tcp source address but I was unsure what address to use. For example IP address of one faculty is 165.2.1.67. How would the wildcard mask work. I would have to match first three but what would be the last one?
Any and all comments will be greatly appreciated.
Please give us on what particular subnet this IP address belongs so that we will know what is the wildcard masking to be applied.
ahpama | |
| whoameye 2001-10-22, 5:52 pm |
| Ok the PC's belong to the subnet 165.2.1.64
two PCs one is 165.2.1.66, THE OTHER 165.2.1.67. Subnet mask is 255.255.255.224
These are on the same lan. Any other info necessary? I just can't figure out the wildcard mask...Thanks again | |
| ahpama 2001-10-22, 6:15 pm |
| Hi,
If you are going to block the whole subnet yo can use 0.0.0.63 but if you are after a particular IP you can just deny that particular IP(s). access-list 101 deny tcp host 165.2.1.66 eq 23. I think there is no particular way of blocking particular IP(s) I mean on your case. You can just select the IP that you want to deny then dont forget to allow evrything else.
Or you can use the access class command.
Restricting Telnet Access to Particular IP Addresses
If you want to allow only certain IP addresses to use Telnet to access the router, you must use the access-class command. The command access-class nn in defines an access list (from 1 through 99) that allows access to the virtual terminal lines on the router. The following configuration commands allow incoming Telnet access to the router only from hosts on network 192.85.55.0:
access-list 12 permit 192.85.55.0 0.0.0.255
line vty 0 4
access-class 12 in
I hope this helps.
ahpama | |
| whoameye 2001-10-22, 6:24 pm |
| I understand what your saying but I have seen it written on a webpage and also in class but I cannot for the life of me remember how to go about figuring out the wildcard mask...But you can filter odd/even addresses within a subnet. | |
| whoameye 2001-10-22, 6:37 pm |
| I understand what your saying but I have seen it written on a webpage and also in class but I cannot for the life of me remember how to go about figuring out the wildcard mask...But you can filter odd/even addresses within a subnet. | |
| dmaftei 2001-10-22, 7:44 pm |
| To deny all odd addresses in subnet 165.2.1.64 255.255.255.224:
access-list 101 deny ip 165.2.1.65 0.0.0.30 any
access-list 101 permit ip any any
With 165.2.1.64 0.0.0.63 you deny 165.2.1.64 through 165.2.1.127, which in this case is two subnets: 165.2.1.64/27 and 165.2.1.96/27. | |
| depamo 2001-10-22, 9:11 pm |
| Very strange question but you can do it.
Just remeber that in a wildcard mask you put a one where you don't care!! So if you only want odd or even, you just have the last bit a 1 (for odd) or 0 (for even).
So IP Address 165.2.1.64 with a 255.255.255.224 subnet mask?? Talk about making it a little challenging!!
Well lets keep it simple, the mask for your network is-
0.0.0.31
To match your subnet or
00000000.00000000.00000000.00011111
So as you are using the last 3 host bits, those must match. So how do you make it odd or even?? Look at this!
00000000.00000000.00000000.00011110
Now you care what that last bit is, so 1 or zero?? If you want to deny odd-
165.2.1.65 0.0.0.30
deny even
165.2.1.64 0.0.0.30
Sweet hunh?? I have no idea if it will work since masks are defined as continguous, have no idea about a wildcard, but the math is sound. | |
| whoameye 2001-10-23, 10:31 am |
| Well, I will put both suggestions to test on my sim software. What is very confusing is the fact that when filtering on a subnet by only odd and even addresses, the method for coming up with the address wildcard necessary to do this. I understand the since the subnet address is 165.2.1.64 and /SM is 255.255.255.224 then that will alow for 32 addresses within this subnet. I get confused on how you both came up with 30 or 31. If there is any way you can explain it again but a little more detailed, I think I will not forget it and will be able to explain it to other students and coworkers. Thanks again. | |
| depamo 2001-10-23, 2:07 pm |
| Corrected this response to reflect a real mess-up on my part.
Answer is 0.0.0.30 not 0.0.0.31 which is one bit off.
Hope this clears up any confusion that I might have caused. | |
| dmaftei 2001-10-23, 2:27 pm |
| quote:
Originally posted by depamo
Where 00011111 is 32, so 00011110 would be 31 to make this binary number decimal to insure that the last bit is what you want.
...
Both answers will give somewhat similar results but if you use 30 or
00011101
you wont get all even or odd answers since it is the last bit that determines if a binary number is odd or even when translated to base 10 or decimal format.
00100000 binary is 32 decimal
00011111 binary is 31 decimal
00011110 binary is 30 decimal
The correct wildcard to match odds/evens is 0.0.0.30. | |
| depamo 2001-10-23, 9:02 pm |
| Man, that is a great catch, bad post. answer is 30 on that last one. Don't know what I was thinking. Head is not in the game lately. Hope that post was not damaging. Off by one is a completly amature response by me. Went back and corrected my other posts and should be accurate now.
Will hold off posting again until I can get my head back in the game. | |
| Randhir 2001-10-28, 7:00 am |
| learntosubnet.com | |
| depamo 2001-10-28, 11:20 am |
| Next time why don't you actually read something. Your little quarky remark isn't even right. Pretty bad when you cannot even coherently make a good joke.
The orignal question was on abnormal Wild Card Masks which last time I checked, didn't have anything to do with subnets. You must have used the wrong book to think wild card masks are utilized in subnets or maby you believe that ACL's can make a subnet-
But then again, I at least post to try to help people out to understand information to give back. So next time you feel like expressing your amass of knowledge, why not try
idiot.com | |
| dmaftei 2001-10-29, 7:49 pm |
| quote:
Originally posted by depamo
Grumpy today, huh? [grin] | |
| depamo 2001-10-30, 12:08 pm |
| Do hate it when someone tries to correct a post without reading it. My bad. |
|
|
|