Access list

Mikdilly

If you wanted to permit ip access for addresses in the range 10.0.4.0 /24 thru 10.0.7.0 /24, what would the command be?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Netstudent

I would do

access-list 1 permit ip 10.0.4.0 0.0.3.255

Thats like 10.0.4.0 255.255.252.0

4.1 - 7.254

tech-airman

Mikdilly wrote:

If you wanted to permit ip access for addresses in the range 10.0.4.0 /24 thru 10.0.7.0 /24, what would the command be?

Mikdilly,

What is 10.0.4.0/24 in binary?

Mikdilly

00001010 00000000 00000100 00000000

11111111 11111111 11111111 00000000

Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
Or maybe I've got it all wrong

tech-airman

Mikdilly wrote:

00001010 00000000 00000100 00000000

11111111 11111111 11111111 00000000

Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
Or maybe I've got it all wrong

Mikdilly,

Ok, now what is 10.0.7.0 /24 in binary?

rjbarlow

Mikdilly wrote:

00001010 00000000 00000100 00000000

11111111 11111111 11111111 00000000

Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
Or maybe I've got it all wrong

Is true that the w.mask is always the contrary of the subnet mask, but in this case this statement leads You to a hole, because the subnet mask in this case is 255 for the third octet, while You are requested to isolate just a part of that entire range. Pay attention.

Mikdilly

tech-airman wrote:

Mikdilly wrote:

00001010 00000000 00000100 00000000

11111111 11111111 11111111 00000000

Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
Or maybe I've got it all wrong

Mikdilly,

Ok, now what is 10.0.7.0 /24 in binary?

I think i got it, you do like a route summarization, matching the third octet of both subnets

00000100
00000111

yields a summary address of 10.0.4.0 with subnet mask of 255.255.255.252, subtracting 252 from 255 leads to a wildcard mask of 0.0.3.255 which matches the answer netstudent gave earlier.

tech-airman

Mikdilly,

Mikdilly wrote:

tech-airman wrote:

Mikdilly wrote:

00001010 00000000 00000100 00000000

11111111 11111111 11111111 00000000

Is this leading to something? Like you're supposed to AND this get the answer? what threw me off was the /24, most questions i've come across like this have masks that you can subtract from 255 to come up with the wildcard mask. But what do you do with 255 subtracted from 255?
Or maybe I've got it all wrong

Mikdilly,

Ok, now what is 10.0.7.0 /24 in binary?

I think i got it, you do like a route summarization, matching the third octet of both subnets

I would like to emphasize the "like." Sub/Network Masking and Wildcard Masking are two separate binary processes.

Mikdilly wrote:

00000100
00000111

I would like to re-emphasize the "like." Route summarization is a method of collecting several networks into a summary network address. Networks such as 192.168.4.0, 192.168.5.0, 192.168.6.0, and 192.168.7.0 becomes the summary network of 192.168.4.0 /22. However, that's where the similarity ends. That's because with sub/network masks, the '1' represents "count that" and '0' represents "don't count that." However, with wildcard masking, '0' means "let through, or do not block" and '1' means "do not let through, or block."

Mikdilly wrote:

yields a summary address of 10.0.4.0 with subnet mask of 255.255.255.252, subtracting 252 from 255 leads to a wildcard mask of 0.0.3.255 which matches the answer netstudent gave earlier.

You're using sub/network mask logic instead of wildcard mask logic. Therefore, even though both methods leads to the same answer, doesn't make it correct. So in order to use the right method, I use the following method:

In binary, what is the lower end of the range?
In binary, what is the high end of the range?
Compare the low end and high end of the range to find common bits.
Once common bits are found, figure out which bits in the wildcard mask need to be turned from '1' to '0' to permit those "common bits" to fall through to match with the argument prior to the wildcard mask.

In this case:

10.0.4.0 -> 10.0.00000100.0
10.0.7.0 -> 10.0.00000111.0
10.0.00001|XX|.0 -> 10.0.4.0
0.0.00000|11.255 -> 0.0.3.255

An answer is as previously mentioned by Netstudent.