access list string as an example:

access-list 2 permit 193.5.5.10 0.0.0.255 log

Tip: An octet is the 8-bit value between the dots of a dotted-decimal IP address. For the IP address 193.5.5.10, the first octet is 193 and the fourth octet is 10. Always keep in mind which octet you want to mask.

The 0.0.0 of the wildcard address means that the first three octets of the source interface’s IP address must exactly match the first three octets of the network portion of the Class C IP address: 193.5.5. Because the last octet is 255, the last octet of the source interface of received data can be any value. This statement means that any host address with the network ID 193.5.5 will be permitted. Based on this IP scheme, you may be using variable-length subnet masks (VLSM).

To match the IP addresses that fall within your chosen subnet mask, the access list must use the correct wildcard inverse address. Table 13.1 shows the possible wildcard inverse addresses matched to the subnet mask.

Table 13.1: Possible wildcard inverse addresses.

Mask    Wildcard Inverse Address
255     0
254     1
252     3
248     7
240     15
224     31
192     63
128     127
0       255

There is an easy way to figure out the wildcard inverse mask for your access list, or the first network available with any subnet mask. Always remember the magic number of 256: subtract the network mask octet from it to get the first network, then subtract 1 to get the wildcard inverse mask. For example, with 255.255.255.192, take the 192, subtract it from the magic number of 256, and you will get 64, which is your first network. Subtract one more and you will get the inverse wildcard mask for your access list identifying the network.

Here’s another example. Say you have a Class C subnet mask of 255.255.255.224. Subtract 224 from the magic number of 256 and you will get the first valid network of 32. Subtract 1 and you will get the network inverse mask of 31.

You can use the same magic number to subnet. Let’s say you want to know the first and second networks of a 30-bit mask, which is commonly used on point-to-point WAN links in order to conserve IP addresses. This would be a mask of 255.255.255.252. Taking the magic number of 256 and subtracting 252, we would get the number 4, which is our first valid network number. This time, instead of subtracting one, multiply by 2 and you get your second valid network, which is 8. This means that your valid hosts are 5 and 6 and your broadcast address is 7. This means we have just created a network with two hosts and wasted no IP addresses.
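
The magic-number arithmetic and the wildcard match described above, as an added Python example (not part of the original manual). The function names wildcard_from_mask, subnets and acl_matches are hypothetical, and the source addresses tested are constructed.

```python
import ipaddress

MAGIC = 256  # the "magic number" used in the text


def wildcard_from_mask(mask):
    """Subnet mask -> wildcard inverse mask, e.g. 255.255.255.192 -> 0.0.0.63."""
    bits = int(ipaddress.IPv4Address(mask))      # raises ValueError on bad input
    inverse = bits ^ 0xFFFFFFFF
    if inverse & (inverse + 1):                  # a valid mask inverts to 0...01...1
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    # Per octet: 256 - mask octet - 1, as described in the text.
    return ".".join(str(MAGIC - int(o) - 1) for o in mask.split("."))


def subnets(mask_octet, count):
    """First `count` networks for a last-octet mask value, numbered as in the
    text (the first network is the block size itself, not 0)."""
    block = MAGIC - mask_octet                   # 256 - 252 = 4
    if not 4 <= block <= 128:
        raise ValueError("mask octet must be between 128 and 252")
    result = []
    for n in range(1, count + 1):
        network = block * n
        if network >= MAGIC:                     # ran out of the octet
            break
        result.append({"network": network,
                       "hosts": (network + 1, network + block - 2),
                       "broadcast": network + block - 1})
    return result


def acl_matches(acl_address, wildcard, source):
    """True if `source` matches an access-list entry: bits where the wildcard
    is 0 must be equal, bits where it is 1 are ignored."""
    a, w, s = (int(ipaddress.IPv4Address(x)) for x in (acl_address, wildcard, source))
    return ((a ^ s) & ~w & 0xFFFFFFFF) == 0


if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.224"))          # wildcard for the 224 mask
    print(subnets(252, 2))                                # 30-bit WAN example
    # Constructed source addresses tested against the entry shown on this page.
    for src in ("193.5.5.200", "193.5.6.10"):
        print(src, acl_matches("193.5.5.10", "0.0.0.255", src))
```

An entry written with a host address but a 0.0.0.255 wildcard, like the one shown earlier, matches every host in 193.5.5, so review the wildcard rather than the address when checking what an access list permits.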

Let’s look at another example using 255.255.255.240, which is a 28-bit mask. Table 13.2 shows the first three valid networks, the network numbers, the valid hosts for each network, and the broadcast address for each subnetted network.

Table 13.2: Example of subnetting 255.255.255.240.
