Cisco Tips & Tricks

October 27, 2008

Compute an access-list to match even or odd networks

Filed under: Access-lists, ccie, IP Routing, Router, security, Technology and Software — ciscotips @ 10:16 pm

One of my old student who is preparing for CCNP asked me on how to write an access-list for permitting/denying even or odd networks. So I am just pasting my email reply to him

Here is a simple tip to write an access-list for even or odd networks.

Lets say we are asked to permit all odd or permit all even for 192.168.1.0/24 ?

We’ll play the game with last octet or I should say the least significant bit of last octet.

-If it is 0, the IP address will be Even

-If it is 1, the IP address will be Odd 

192.168.1.00000001 = 192.168.1.1 – odd

192.168.1.00000011 = 192.168.1.3  – odd

192.168.1.00000010 = 192.168.1.2   even

192.168.1.00000100 = 192.168.1.4   even

FOR Even Networks

The IP address will be 192.168.1.0

With the wild card mask as 0.0.0.254

254 = 11111110

Here, 0 means DO CARE of the last bit in IP address (must be ZERO)

Hence ACL will be

access-list 1 permit 192.168.1.0  0.0.0.254

For Odd Networks

The IP address will be 192.168.1.1

With the wild card mask as 0.0.0.254

254 = 11111110

Here, 0 means DO CARE of the last bit in IP address (must be ONE)

Hence ACL will be

access-list 1 permit 192.168.1.1 0.0.0.254
 

  

Advertisements

17 Comments »

  1. Hi Looks like we can achieve Odd networks other and simple way

    What is being denied by Even Networks can be allowed
    and What is being allowed by Even Networks should be denied…

    Simple

    access-list 1 deny 192.168.1.0 0.0.0.254
    access-list 1 permit any

    Kaushal

    Comment by kaushal — October 29, 2008 @ 9:48 pm

  2. Yeps you are right!

    Are you the same Kaushal who gave CCIE (security) lab exam in sanjose on April 23rd?

    -Raman

    Comment by ciscotips — October 29, 2008 @ 10:08 pm

  3. I found some very useful information on your blog. I am a new blogger and i have very little khowledge about blogging. I found some very important blogging tips here. Thank you very much. With your help i created my own blog http://epshi.com . Look at my blog and please tell me what i required more. Thank you again.

    Comment by Hasib Ahmed — November 13, 2008 @ 7:46 pm

  4. Wildcard masking technique to match bits is not widely known to the general, but the people who do understand it definitely knows their stuff. So does anyone know how to do this for IPv6 ACLs??

    Comment by Danny Tsai — February 7, 2009 @ 6:36 pm

  5. […] WOW ternyata bisa. berdasarkan artikel yang saya temukan di situs ini… […]

    Pingback by blok ip berdasarkan even and odd « In The World Without Limitation — February 27, 2009 @ 2:28 am

  6. […] an access-list to match even or odd networks This article was found on Cisco Tips & Tricks. Click here to visit the full article on the original website.One of my old student who is preparing for CCNP asked me on how to write an access-list for […]

    Pingback by Compute an access-list to match even or odd networks | linkfeedr — April 12, 2009 @ 7:41 pm

  7. thank for the tip i was a bit confuse about this one

    Comment by Harrison Freeman — April 14, 2009 @ 1:27 pm

  8. […] You can find that post here ciscotips […]

    Pingback by Access-list for matching odd and even network or host. « I am CiscoGeek — April 18, 2009 @ 9:38 am

  9. its not least significiant bit , its the most significiant bit !!!

    Comment by Ayaz Karim — January 2, 2012 @ 11:23 am

  10. access-list 1 permit 0.0.1.0 255.255.254.255
    access-list 1 deny all

    = permit only odd, deny rest

    access-list 2 deny 0.0.1.0 255.255.254.255
    access-list 2 permit any
    = Deny only odd, permit rest

    access-list 3 permit 0.0.0.0 255.255.254.255
    access-list 3 deny all
    = Permit only even, deny rest
    access-list 4 deny 0.0.0.0 255.255.254.255
    access-list 4 permit all
    = Deny only even, permit rest

    Comment by ravi — April 21, 2013 @ 6:08 am

  11. Excellent way of explaining, and nice article to get information regarding my presentation subject matter, which i am going to
    convey in institution of higher education.

    Comment by Andres — April 26, 2013 @ 2:57 am

  12. what if the environment to differentiate ipv6 traffic in odd or even.

    Comment by Anson — September 17, 2013 @ 1:14 pm

  13. You may certainly call at your capabilities within the function you’re writing. The entire world desires a lot more enthusiastic freelancers such as you who are not afraid to express the way they consider. Constantly comply with ones coronary heart.

    Comment by website taruhan — September 18, 2013 @ 5:32 am

  14. Ip address with a range of 10.20.8.50 – 10.20.8.100
    from the 4th subnet is not allowed to access to 1st subnet.

    with this networks
    net# network
    1 10.20.2.0
    2 10.20.4.0
    3 10.20.6.0
    4 10.20.8.0
    5 10.20.10.0

    Comment by Zii — July 31, 2014 @ 9:42 am

  15. very good

    Comment by دانلود فیلم با لینک مستقیم — November 27, 2014 @ 10:44 pm

  16. wow

    Comment by Eddy — December 17, 2015 @ 1:59 pm

  17. This article presents clear idea in favor of the
    new people of blogging, that truly how to do running a blog.

    Comment by ganar dinero en Internet — June 14, 2016 @ 6:19 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: