Summarizing discontinuous networks

The summarization of discontinuous networks is a neat feature, but I doubt the chances are high of finding a situation in a real environment where the IPs line up like this. Either way, it's something you should keep in mind while preparing for Cisco exams.

So let's say we have the following addresses and have to summarize them, and no other addresses, using a standard ACL:

116.1.162.33
116.1.162.37
116.1.170.33
116.1.170.37
116.1.178.33
116.1.178.37
116.1.186.33
116.1.186.37

At first glance it looks impossible, but once you convert the addresses from decimal to binary they start to share similarities. In this case we only need to translate the 3rd and 4th octets of the addresses, since the first two are always the same.

3rd octet:

162 = 10100010
170 = 10101010
178 = 10110010
186 = 10111010

4th octet:

33 = 00100001
37 = 00100101

If you compare those addresses in binary, you'll observe that the 3rd octet values only vary in bits 4 and 5 (counting from the left), while the 4th octet values only vary in the 6th bit. All other bits stay the same in all addresses.

So if we remember the rule for wildcard masks, where a 0 means match and a 1 means don't care, we can calculate the wildcard mask for those IPs. The wildcard mask for the 3rd octet is 00011000 and for the 4th octet 00000100; in decimal this is 24 and 4. Given that the first two octets stay the same, the wildcard mask for all IPs is 0.0.24.4.
A one-line standard access list to match only those IPs will then look like this:

access-list 1 permit 116.1.162.33 0.0.24.4

You can also use this kind of summarization for a group ACL during RP configuration. Auto-RP does not seem to like this kind of multicast group definition.
Let's assume that we want the router to be RP only for the following multicast group ranges, and we are lazy, so we only want to use a one-line ACL:

233.2.1.0 – 233.2.1.255
233.34.1.0 – 233.34.1.255
233.66.1.0 – 233.66.1.255
233.98.1.0 – 233.98.1.255

Now we again have two bits that do not match across all the IPs; this time it's the 2nd and 3rd bit of the second octet. All others stay the same.

This leads to a wildcard mask of 01100000, or decimal 96. To match all addresses the wildcard mask will be 0.96.0.255, and the ACL:

ip access-list standard RP-Groups
permit 233.2.1.0 0.96.0.255
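
An added example, not part of the original post: a Python check that derives the wildcard mask by OR-ing the bit differences between the addresses, then expands the resulting ACL entry to confirm it matches exactly the intended set and nothing else. The function names are illustrative; the address lists are the ones from this page.

```python
import ipaddress
from itertools import product

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_for(addrs):
    """Return (base, wildcard); wildcard has a 1 in every bit where the addresses differ."""
    ints = [to_int(a) for a in addrs]
    base, wildcard = ints[0], 0
    for n in ints[1:]:
        wildcard |= base ^ n
    return base, wildcard

def expand(base, wildcard):
    """Every address that the ACL entry 'base wildcard' matches."""
    bits = [1 << i for i in range(32) if wildcard >> i & 1]
    fixed = base & ~wildcard & 0xFFFFFFFF
    return {fixed | sum(b for b, on in zip(bits, combo) if on)
            for combo in product((0, 1), repeat=len(bits))}

def summarize(addrs):
    """Return (base, wildcard, exact); exact is False if the entry over-matches."""
    base, wc = wildcard_for(addrs)
    exact = expand(base, wc) == {to_int(a) for a in addrs}
    return str(ipaddress.IPv4Address(base)), str(ipaddress.IPv4Address(wc)), exact

# Host addresses from the first example on this page.
HOSTS = ["116.1.162.33", "116.1.162.37", "116.1.170.33", "116.1.170.37",
         "116.1.178.33", "116.1.178.37", "116.1.186.33", "116.1.186.37"]

# Multicast group ranges from the second example, expanded to single addresses.
GROUPS = [f"233.{second}.1.{last}" for second in (2, 34, 66, 98) for last in range(256)]

if __name__ == "__main__":
    for name, addrs in (("hosts", HOSTS), ("groups", GROUPS)):
        base, wc, exact = summarize(addrs)
        print(f"{name}: permit {base} {wc}  exact={exact}")
    # Dropping one host leaves the same mask, but the entry now over-matches:
    # 3 don't-care bits always match 8 addresses, so 7 cannot be covered exactly.
    print("7 hosts:", summarize(HOSTS[:-1]))
```

A wildcard mask with k don't-care bits always matches exactly 2^k addresses, so the one-line entry is only safe when the intended set is that complete set; the `exact` flag is the check for that.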
