ACL question

catinthehat Member Posts: 9
This question comes from Quizlet: https://quizlet.com/81320023/n10-631-660-flash-cards/
I've worked out the subnets; each of them is a network address. The question doesn't say if the server and user are on the same subnet, and doesn't give a subnet address for the user or server, so I don't understand why all three deny lines can't possibly deny access. Also, I find questions with ACLs written in different ways, but always use the same format; why is this?

A user reports that they are unable to access a new server but are able to access all other network resources. Based on the following firewall rules and network information, which of the following ACL entries is the cause?

User's IP: 192.168.5.14
Server IP: 192.168.5.17
Firewall rules:
Permit 192.168.5.16/28192.168.5.0/28
Permit 192.168.5.0/24192.168.4.0/24
Permit 192.168.4.0/24192.168.5.0/24
Deny 192.168.5.0/28192.168.5.16/28
Deny 192.168.14.0/24192.168.5.16/28
Deny 192.168.0.0/24192.168.5.0/24

A. Deny 192.168.0.0/24192.168.5.0/24
B. Deny 192.168.5.0/28192.168.5.16/28
C. Deny 192.168.14.0/24192.168.5.16/28
D. Implicit Deny rule

Comments

  • volfkhat Member Posts: 1,046
    the question doesn't say if the server and user are on the same subnet. and doesn't give a subnet address for the user or server, so I don't understand...

    THAT is your problem.
    You need more tutoring on SLASH Notation.

    The Question DOES tell you what subnet the server and user are on.

    The Quizlet flashcard isn't very clear... they LEFT out some spaces. It should have said this:
    Permit 192.168.5.16/28   192.168.5.0/28
    Permit 192.168.5.0/24    192.168.4.0/24
    Permit 192.168.4.0/24    192.168.5.0/24
    Deny 192.168.5.0/28     192.168.5.16/28
    Deny 192.168.14.0/24   192.168.5.16/28
    Deny 192.168.0.0/24      192.168.5.0/24
    

    Hopefully, this is a little more readable for you.

    So, start with the first row. You have two addresses:
    192.168.5.16/28 and 192.168.5.0/28

    The SLASH notation is the --> /28
    /28 Translates into a subnet mask of --> 255.255.255.240

    Thus, the two ip addresses can be rewritten as:
    192.168.5.16
    255.255.255.240

    and
    192.168.5.0
    255.255.255.240

    If you do NOT understand how I just did that... get more tutoring.
    This is actually an example of VLSM.

    Fun stuff.
    Shoot me a PM if you have any other Qs. I can dig up the YouTube vids that taught me these concepts from scratch :]
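
Added example, not part of the thread or the flashcard: the rules as re-spaced in the comment above, checked top-down with Python's `ipaddress` module. It assumes the first column is the source and the second the destination, and that the first matching rule wins; `parse_rules`, `subnet_of` and `evaluate` are names made up for this illustration.

```python
import ipaddress

# Rule list from the thread, with the missing spaces restored.
# Assumption: column 1 is the source network, column 2 the destination.
RULES = """\
Permit 192.168.5.16/28 192.168.5.0/28
Permit 192.168.5.0/24 192.168.4.0/24
Permit 192.168.4.0/24 192.168.5.0/24
Deny 192.168.5.0/28 192.168.5.16/28
Deny 192.168.14.0/24 192.168.5.16/28
Deny 192.168.0.0/24 192.168.5.0/24
"""


def parse_rules(text):
    """Turn 'Action src/len dst/len' lines into (action, src_net, dst_net)."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, src, dst = line.split()
        # ip_network() rejects a value with host bits set, so this also
        # confirms each entry really is a network address.
        rules.append((action, ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return rules


def subnet_of(ip, prefix_len):
    """Network a host falls in for a given prefix length (e.g. /28)."""
    return ipaddress.ip_interface(f"{ip}/{prefix_len}").network


def evaluate(rules, src_ip, dst_ip):
    """Assumed first-match semantics: return (rule number, rule text)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for number, (action, src_net, dst_net) in enumerate(rules, start=1):
        if src in src_net and dst in dst_net:
            return number, f"{action} {src_net} {dst_net}"
    return None, "Implicit Deny"  # nothing matched


if __name__ == "__main__":
    user, server = "192.168.5.14", "192.168.5.17"
    for host in (user, server):
        net = subnet_of(host, 28)
        print(f"{host} is in {net} (mask {net.netmask})")
    print("user -> server:", evaluate(parse_rules(RULES), user, server))
```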