address match list syntaxs

Sun Oct 7 21:48:21 UTC 2001

> > Our local subnets are a /24 sequence from 161.241.51/24 to 161.241.81/24 -
> > (its a private network).
> > 
> > Creating an ACL for this group makes a rather long address match list - ie:
> > 
> > acl mylocalsubnets { 161.241.51/24; 161.241.52/24; 161.241.53/24;
> > 		161.241.54/24; .............. > 161.241.81;};
> > 
> > I would be REALLY REALLY nice to be able to write it this way
> > 
> > acl mylocalsubnets { 161.241.51-81/24;};
> > 
> > Thanks!!
> > George Young
> 
> This range of 31 contiguous /24 networks can be covered by the
> following specifications:
> 
>   161.241.51/24;
>   161.241.52/22;    # covers 52-55 (3rd octet divisible by 4)
>   161.241.56/21;    # covers 56-63 (3rd octet divisible by 8)
>   161.241.64/20;    # covers 64-80 (3rd octet divisible by 16)
>   161.241.81/24;

Scratch that; 1+4+8+16+1 != 31.  Here's what I should have written:

    161.241.51/24;
    161.241.52/22;    # covers 52-55 (3rd octet divisible by 4)
    161.241.56/21;    # covers 56-63 (3rd octet divisible by 8)
    161.241.64/20;    # covers 64-79 (3rd octet divisible by 16)
    161.241.80/23;    # covers 80-81 (3rd octet divisible by 2)

I've written a little utility called 'check-net' which does
the necessary arithmetic to validate a network/CIDR and/or
network:subnetmask specification.  It's included in the 'h2n'
distribution at < ftp://ftp.hpl.hp.com/pub/h2n/h2n.tar.gz >.

Andris Kalnozols
Hewlett-Packard Laboratories
andris at hpl.hp.com