Wildcard typo in Cisco Press book?

pizzafart · March 2006

OK tell me I'm not losing my mind. I'm scheduled for the BSCI exam on the 11th. Clearly I shouldn' t be stumbling on something like this. I know I know I should sim it for myself but I'm not going to have access to good equipment until Saturday.

This is a bogus access list line, right:
access-list 20 deny 172.16.0.0 0.31.255.255

It would make more sense as
access-list 20 deny 172.16.0.0 0.15.255.255 (or something similar)

Someone tell me I haven't lost my marbles.
Thanks!

It's on page 561 of BSCI self-study, 2nd edition (Teare, Paquet).

sart · March 2006

This question needs more context. Pretty much any wildcard mask you put in is valid.

pizzafart · March 2006

It's a legal command but this:

access-list 20 deny 172.16.0.0 0.31.255.255.

is no different than using this:

access-list 20 deny 172.0.0.0 0.31.255.255.

It boils down to aesthetics. In the 2nd octet, the bit that makes a '16' falls within the wildcard range (it's the forth high order bit: 00010000).

So, it's just the same as a 16 or as a 0. Using a '0' makes things easier to read because it matches the beginning of the wildcard range. Let's say the command got even more out of hand. This:

access-list 20 deny 172.16.0.0 0.31.255.255.

is the same as this:

access-list 20 deny 172.16.5.0 0.31.255.255.

is the same as this

access-list 20 deny 172.5.123.123 0.31.255.255.

and so forth.

Since 172.5.123.123 is obviously uncalled for, it's reasonable to say that 172.16.0.0 is also uncalled for (just less so). 172.0.0.0 presents the beginning of the wildcard range: 172.0.0.0 through 172.31.255.255. It's just better on the eyes that way. Really though, in this situation, my guess is that they wanted 172.16.0.0 0.15.255.255. This is my guess because it seems that someone would think of a network before the wildcard. They probably just screwed up the wildcard.

Wildcard typo in Cisco Press book?

Comments