Posted on 2003-9-11 19:40:03
Wildcards

Wildcards are used with access lists to specify a host, network, or part of a network. To understand a wildcard, you need to understand what a block size is; these are used to specify a range of addresses. Some of the different block sizes available are 64, 32, 16, 8, and 4.

When you need to specify a range of addresses, you choose the next-largest block size for your needs. For example, if you need to specify 34 networks, you need a block size of 64. If you want to specify 18 hosts, you need a block size of 32. If you only specify two networks, then a block size of 4 would work.

Wildcards are used with the host or network address to tell the router a range of available addresses to filter. To specify a host, the address would look like this:

172.16.30.5 0.0.0.0

The four zeros represent each octet of the address. Whenever a zero is present, it means that octet in the address must match exactly. To specify that an octet can be any value, the value of 255 is used. As an example, here is how a full subnet is specified with a wildcard:

172.16.30.0 0.0.0.255

This tells the router to match up the first three octets exactly, but the fourth octet can be any value.

Now, that was the easy part. What if you want to specify only a small range of subnets? This is where the block sizes come in. You have to specify the range of values in a block size. In other words, you can’t choose to specify 20 networks. You can only specify the exact amount as the block size value. For example, the range would either have to be 16 or 32, but not 20.

Let’s say that you want to block access to part of a network that is in the range from 172.16.8.0 through 172.16.15.0. That is a block size of 8. Your network number would be 172.16.8.0, and the wildcard would be 0.0.7.255.

Whoa! What is that? The 7.255 is what the router uses to determine the block size. The network and wildcard tell the router to start at 172.16.8.0 and go up a block size of eight addresses to network 172.16.15.0.

It is actually easier than it looks. I could certainly go through the binary math for you, but actually all you have to do is remember that the wildcard is always one number less than the block size. So, in our example, the wildcard would be 7 since our block size is 8. If you used a block size of 16, the wildcard would be 15. Easy, huh?

We’ll go through some examples to help you really understand it. The following example tells the router to match the first three octets exactly but that the fourth octet can be anything.

RouterA(config)#access-list 10 deny 172.16.10.0 0.0.0.255

The next example tells the router to match the first two octets and that the last two octets can be any value.

RouterA(config)#access-list 10 deny 172.16.0.0 0.0.255.255

Try to figure out this next line:

RouterA(config)#access-list 10 deny 172.16.16.0 0.0.3.255

The above configuration tells the router to start at network 172.16.16.0 and use a block size of 4. The range would then be 172.16.16.0 through 172.16.19.0.

The example below shows an access list starting at 172.16.16.0 and going up a block size of 8 to 172.16.23.0.

RouterA(config)#access-list 10 deny 172.16.16.0 0.0.7.255

The next example starts at network 172.16.32.0 and goes up a block size of 32 to 172.16.63.0.

RouterA(config)#access-list 10 deny 172.16.32.0 0.0.31.255

The last example starts at network 172.16.64.0 and goes up a block size of 64 to 172.16.127.0.

RouterA(config)#access-list 10 deny 172.16.64.0 0.0.63.255

Here are two more things to keep in mind when working with block sizes and wildcards:

Each block size must start at 0. For example, you can’t say that you want a block size of 8 and then start at 12. You must use 0–7, 8–15, 16–23, etc. For a block size of 32, the ranges are 0–31, 32–63, 64–95, etc.

The command any is the same thing as writing out the wildcard 0.0.0.0 255.255.255.255.
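The post above explains wildcard masks by block size but never shows the bit operation the router actually performs. The following is an added example, not part of the original post or of any Cisco code: it derives the "network wildcard" pair for an address range, enforces the two rules at the end of the post (the size must be a block size, i.e. a power of two, and the block must start on a multiple of its size), expands an entry back into the range it covers, and evaluates a small standard access list with first-match semantics and the implicit deny. The access list ACL_10 and the addresses tested are constructed for the example; the function names are my own.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_from_block(block_size):
    """Wildcard value for one octet: always one less than the block size (8 -> 7, 16 -> 15)."""
    if block_size <= 0 or block_size & (block_size - 1):
        raise ValueError("%d is not a valid block size (must be a power of two)" % block_size)
    return block_size - 1


def is_valid_block(first, last):
    """True if first..last is a power-of-two block that starts on a multiple of its size."""
    lo, hi = ip_to_int(first), ip_to_int(last)
    size = hi - lo + 1
    if size <= 0 or size & (size - 1):
        return False          # e.g. 20 subnets: not a block size
    return lo % size == 0     # e.g. block of 8 starting at .12: not aligned


def entry_for_range(first, last):
    """Return (network, wildcard) that covers exactly first..last, or raise."""
    if not is_valid_block(first, last):
        raise ValueError("%s-%s is not a properly aligned block" % (first, last))
    size = ip_to_int(last) - ip_to_int(first) + 1
    return first, int_to_ip(size - 1)   # wildcard = block size - 1, in every octet at once


def covered_range(network, wildcard):
    """First and last address an entry covers: wildcard bit set means 'don't care'."""
    net, wc = ip_to_int(network), ip_to_int(wildcard)
    lo = net & ~wc & MASK32
    return int_to_ip(lo), int_to_ip(lo | wc)


def matches(addr, network, wildcard):
    """The router's test: every bit that is 0 in the wildcard must match exactly."""
    diff = ip_to_int(addr) ^ ip_to_int(network)
    return (diff & ~ip_to_int(wildcard) & MASK32) == 0


# 'any' is literally 0.0.0.0 255.255.255.255: every bit is don't-care.
ANY = ("0.0.0.0", "255.255.255.255")

# Constructed sample list, in the order the entries would be typed:
#   access-list 10 deny   172.16.16.0 0.0.3.255   (172.16.16.0 - 172.16.19.255)
#   access-list 10 deny   172.16.64.0 0.0.63.255  (172.16.64.0 - 172.16.127.255)
#   access-list 10 permit any
ACL_10 = [
    ("deny", "172.16.16.0", "0.0.3.255"),
    ("deny", "172.16.64.0", "0.0.63.255"),
    ("permit",) + ANY,
]


def evaluate(acl, addr):
    """First matching entry wins; an unmatched address hits the implicit deny."""
    for action, network, wildcard in acl:
        if matches(addr, network, wildcard):
            return action
    return "deny"


if __name__ == "__main__":
    print(entry_for_range("172.16.8.0", "172.16.15.255"))   # ('172.16.8.0', '0.0.7.255')
    print(covered_range("172.16.32.0", "0.0.31.255"))        # ('172.16.32.0', '172.16.63.255')
    print(is_valid_block("172.16.12.0", "172.16.19.255"))    # False: block of 8 cannot start at 12
    for addr in ("172.16.18.7", "172.16.20.1", "172.16.100.1"):
        print(addr, evaluate(ACL_10, addr))
```

The matcher works on all 32 bits at once, so it also handles wildcards that are not contiguous (IOS accepts those too); the block-size shortcut in the post only describes the contiguous case, which is what is_valid_block checks for.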