tailieunhanh - CCNA 1 and 2 Companion Guide, Revised (Cisco Networking Academy Program) part 89

Cisco Networking Academy Program CCNA 1 and 2 Companion Guide, Revised part 89 is the Cisco approved textbook to use alongside version of the Cisco Networking Academy Program CCNA 1 and CCNA 2 web-based courses. The topics covered provide you with the necessary knowledge to begin your preparation for the CCNA certification exam (640-801, or 640-821 and 640-811) and to enter the field of network administration. | Page 849 Tuesday May 20 2003 2 53 PM Using Wildcard Mask Bits 849 Figure 20-6 Wildcard Mask Bit Matching 128 64 32 16 8 4 2 1 Octet Bit Position and Address Value for Bit Examples Check All Address Bits Match All 0 0 0 0 0 0 1 1 1 1 0 0 1 1 0 0 1 1 1 1 0 0 1 1 1 1 1 1 1 1 0 0 1 1 1 1 0 0 1 1 Ignore Last 6 Address Bits Ignore Last 4 Address Bits Check Last 2 Address Bits Do Not Check Address Ignore Bits in Octet A wildcard mask is paired with an IP address similar to how a subnet mask is paired with an IP address. Wildcard mask bits use the numbers 1 and 0 to identify how to treat the corresponding IP address bits. ACLs use wildcard masking to identify a single address or multiple addresses for permit or deny tests. The term wildcard masking is a nickname for the ACL mask bit matching process and comes from of an analogy of a wildcard that matches any other card in a poker game. Although both are 32-bit quantities wildcard masks and IP subnet masks operate differently. Recall that the 0s and 1s in a subnet mask determine the network subnet and host portions of the corresponding IP address. The 0s and 1s in a wildcard as just noted determine whether the corresponding bits in the IP address should be checked or ignored for ACL purposes. As you have learned the 0 and 1 bits in an ACL wildcard mask cause the ACL to either check or ignore the corresponding bits in the IP address. Figure 20-7 demonstrates how this wildcard masking process is applied. Suppose that you want to test an IP address for subnets that will be permitted or denied. Assume that the IP address is a Class B address that is the first two octets are the network number with 8 bits of subnetting the third octet is for subnets . You want to use IP wildcard mask bits to permit all packets from any host in the to subnets. Figure 20-7 shows an example of how to use the wildcard mask to do this. Page 850 Tuesday May 20 2003 2 53 PM 850 Chapter 20 Access Control Lists