Access list

MikdillyMikdilly Member Posts: 309
in CCNA & CCENT
If you wanted to permit ip access for addresses in the range 10.0.4.0 /24 thru 10.0.7.0 /24, what would the command be?
· Share on FacebookShare on Twitter

Comments

  • NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    I would do

    access-list 1 permit ip 10.0.4.0 0.0.3.255



    Thats like 10.0.4.0 255.255.252.0

    4.1 - 7.254
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
    · Share on FacebookShare on Twitter
  • tech-airmantech-airman Member Posts: 953
    Mikdilly wrote:
    If you wanted to permit ip access for addresses in the range 10.0.4.0 /24 thru 10.0.7.0 /24, what would the command be?

    Mikdilly,

    What is 10.0.4.0/24 in binary?
    · Share on FacebookShare on Twitter
  • MikdillyMikdilly Member Posts: 309
    00001010 00000000 00000100 00000000

    11111111 11111111 11111111 00000000

    Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
    Or maybe I've got it all wrong
    · Share on FacebookShare on Twitter
  • tech-airmantech-airman Member Posts: 953
    Mikdilly wrote:
    00001010 00000000 00000100 00000000

    11111111 11111111 11111111 00000000

    Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
    Or maybe I've got it all wrong

    Mikdilly,

    Ok, now what is 10.0.7.0 /24 in binary?
    · Share on FacebookShare on Twitter
  • rjbarlowrjbarlow Member Posts: 411
    Mikdilly wrote:
    00001010 00000000 00000100 00000000

    11111111 11111111 11111111 00000000

    Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
    Or maybe I've got it all wrong
    Is true that the w.mask is always the contrary of the subnet mask, but in this case this statement leads You to a hole, because the subnet mask in this case is 255 for the third octet, while You are requested to isolate just a part of that entire range. Pay attention.
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
    · Share on FacebookShare on Twitter
  • MikdillyMikdilly Member Posts: 309
    tech-airman wrote:
    Mikdilly wrote:
    00001010 00000000 00000100 00000000

    11111111 11111111 11111111 00000000

    Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
    Or maybe I've got it all wrong

    Mikdilly,

    Ok, now what is 10.0.7.0 /24 in binary?

    I think i got it, you do like a route summarization, matching the third octet of both subnets

    00000100
    00000111

    yields a summary address of 10.0.4.0 with subnet mask of 255.255.255.252, subtracting 252 from 255 leads to a wildcard mask of 0.0.3.255 which matches the answer netstudent gave earlier.
    · Share on FacebookShare on Twitter
  • tech-airmantech-airman Member Posts: 953
    Mikdilly,
    Mikdilly wrote:
    tech-airman wrote:
    Mikdilly wrote:
    00001010 00000000 00000100 00000000

    11111111 11111111 11111111 00000000

    Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
    Or maybe I've got it all wrong

    Mikdilly,

    Ok, now what is 10.0.7.0 /24 in binary?

    I think i got it, you do like a route summarization, matching the third octet of both subnets

    I would like to emphasize the "like." Sub/Network Masking and Wildcard Masking are two separate binary processes.
    Mikdilly wrote:
    00000100
    00000111

    I would like to re-emphasize the "like." Route summarization is a method of collecting several networks into a summary network address. Networks such as 192.168.4.0, 192.168.5.0, 192.168.6.0, and 192.168.7.0 becomes the summary network of 192.168.4.0 /22. However, that's where the similarity ends. That's because with sub/network masks, the '1' represents "count that" and '0' represents "don't count that." However, with wildcard masking, '0' means "let through, or do not block" and '1' means "do not let through, or block."
    Mikdilly wrote:
    yields a summary address of 10.0.4.0 with subnet mask of 255.255.255.252, subtracting 252 from 255 leads to a wildcard mask of 0.0.3.255 which matches the answer netstudent gave earlier.

    You're using sub/network mask logic instead of wildcard mask logic. Therefore, even though both methods leads to the same answer, doesn't make it correct. So in order to use the right method, I use the following method:
    1. In binary, what is the lower end of the range?
    2. In binary, what is the high end of the range?
    3. Compare the low end and high end of the range to find common bits.
    4. Once common bits are found, figure out which bits in the wildcard mask need to be turned from '1' to '0' to permit those "common bits" to fall through to match with the argument prior to the wildcard mask.

    In this case:
    1. 10.0.4.0 -> 10.0.00000100.0
    2. 10.0.7.0 -> 10.0.00000111.0
    3. 10.0.00001|XX|.0 -> 10.0.4.0
    4. 0.0.00000|11.255 -> 0.0.3.255

    An answer is as previously mentioned by Netstudent.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.