wildcard mask question

Broken answer. This access list permits any IP traffic from two addresses only -

192.168.14.1 and 192.168.14.0. Assuming 192.168.14.0 is not a legal host id, then the list permits all IP traffic from .1 only.

The following list is closer to the solution .....

access-list 199 deny icmp 0.0.0.0 255.255.255.254 any echo access-list 199 permit any any

The above permits any traffic from any host with the exception of pings originating from an even numbered host. The source address, 0.0.0.0, could be any even numbered IP at all - the wild card mask is just checking for the least significant bit being set to a "zero" value, which makes the whole address an 'even' number.

Rught. Remember addresses are just a binary stream. a 1 in the wild card is a don't care.

What that pattern means is match on the first three octets, and the last bit. Take the groupings of octets separately. The first thre zeros mean address needs to be 192.168.14.n the last octet binary pattern is;

0000 0001 The wild card mask is 1111 1110

That means don't care for the first seven bits, last be we care, and the bit in the pattern is set, to to match on the last octet the last bit must be set, ire the address must be odd.

P.

Subnet masks : match all bits that are on (all 1s) ignore all bits that are off (all 0s) Wild card: match all bits that are off (all 0s) ignore all bits that are on (all 1s)

To understand it better, the above wild card as a subnet would be:

255.255.255.1

I have read somewhere the advantages of using a wild card instead of subnet, but i do not remember where.