Options
Wildcard Masking Question
mattsthe2
Member Posts: 304
in CCNA & CCENT
What would be the statement to apply to ACL to include the follwoing networks
10.1.4.0/24 to 10.1.8.0/24?
10.1.4.0/24 to 10.1.8.0/24?
Comments
-
Options
shednik
Member Posts: 2,005
mattsthe2 wrote:What would be the statement to apply to ACL to include the follwoing networks
10.1.4.0/24 to 10.1.8.0/24?
0.0.4.255 - the wild card mask
They way i usually calculate the wildcard mask is i look at the range of addresses and subtract the difference of the 2
10.1.8.255
10.1.4.0
wildcard mask = 0.0.4.255 -
Options
tech-airman
Member Posts: 953
mattsthe2 wrote:What would be the statement to apply to ACL to include the follwoing networks
10.1.4.0/24 to 10.1.8.0/24?
mattsthe2,
What is 10.1.4.0 in binary? -
Optionsmattsthe2
Member Posts: 304
10 1 4 0
00001010 00000001 00000100 00000000
My first stab at the question i got what shednik got.
My my book said something different.
So i took the time to figure this out.
Apprently it is saying you need two Wildcast Masks as follows:
0.0.3.255 - this will cover the range 10.1.4.0 to 10.1.7.255
0.0.1.255 - this will cover the range 10.1.8.0 -10.1.8.255
Then i thought to myself why do i need two lines when i can get the job done in one with : 0.0.4.255
This is where i got confused a bit.
The explaination i have come up with (correct me if im wrong) is to look at the first subnet in the first IP address range. For example. 10.1.4.0 The subnet octet in this case the 3rd octet needs to be a base-2 number (1,2,4,8,16 etc). If its not match up or match down. In our example this is ok.
Then we need to look to the ending range network in this case 10.1.8.0. The third octet in this case is the subnetted octet, 8. This number should NOT be a base-2 number because its in the next subnetted range.
Please let me know if my explaination is correct or provide a reason why we need two Wildcast Masks. -
OptionsNeonNoodle
Member Posts: 92 ■■□□□□□□□□
mattsthe2 wrote:What would be the statement to apply to ACL to include the follwoing networks
10.1.4.0/24 to 10.1.8.0/24?
To cover the subnets 10.1.4.0/24 to 10.1.8.0/24 you need two statements:
10.1.4.0 0.0.3.255 which covers 10.1.4.0 to 10.1.7.255
10.1.8.0 0.0.0.255 which covers 10.1.8.0 to 10.1.8.255
To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.I recognize the lion by his paw.
--Jacob Bernoulli -
Optionsshednik
Member Posts: 2,005
NeonNoodle wrote:mattsthe2 wrote:What would be the statement to apply to ACL to include the follwoing networks
10.1.4.0/24 to 10.1.8.0/24?
To cover the subnets 10.1.4.0/24 to 10.1.8.0/24 you need two statements:
10.1.4.0 0.0.3.255 which covers 10.1.4.0 to 10.1.7.255
10.1.8.0 0.0.0.255 which covers 10.1.8.0 to 10.1.8.255
To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.
I can see what you mean there but now my question is how would 2 ranges be applied to an interface going in the same direction?? -
Optionsmattsthe2
Member Posts: 304
NeonNoodle wrote:To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.
Yea my bad, 0.0.0.255 on the 2nd wildcard mask.
But im loosing you on how to see why. Can you explain a little further??? -
Optionstech-airman
Member Posts: 953
mattsthe2 wrote:10 1 4 0
00001010 00000001 00000100 00000000
mattsthe2,
That's correct. What is 10.1.8.0 in binary? -
Optionstech-airman
Member Posts: 953
mattsthe2 wrote:10 1 8 0
00001010 00000001 00001000 00000000
mattsthe2,
That's correct. Now, put the binary for 10.1.4.0 on top of the binary for 10.1.8.0 between code tags. -
Optionsmattsthe2
Member Posts: 304
tech-airman,
Your killing me here...00001010 00000001 00000100 00000000 00001010 00000001 00001000 00000000
-
Optionstech-airman
Member Posts: 953
mattsthe2 wrote:tech-airman,
Your killing me here...00001010 00000001 00000100 00000000 00001010 00000001 00001000 00000000
mattsthe2,
Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's. -
OptionsNeonNoodle
Member Posts: 92 ■■□□□□□□□□
mattsthe2 wrote:NeonNoodle wrote:To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.
Yea my bad, 0.0.0.255 on the 2nd wildcard mask.
But im loosing you on how to see why. Can you explain a little further???
00001010.00000001.00000100.00000000-->10.1.4.0
00001010.00000001.00000101.00000000-->10.1.5.0
00001010.00000001.00000110.00000000-->10.1.6.0
00001010.00000001.00000111.00000000-->10.1.7.0
Look at the bolded sections. 10.1.4.0--10.1.7.0 don't vary except in the first two digits of the third octet (and in every digit of the fourth octet, too, but we aren't considering that right now). According to the wildcard mask rules, if the nth bit doesn't vary put a 0. If the nth bit varies put a 1. That why you get
00000000.00000000.00000011.11111111-->0.0.3.255 (The .255 is present because every digit of fourth octet does vary.)
00001010.00000001.00001000.00000000-->10.1.8.0
Can you explain why the wildcard mask for 10.1.8.0
is 0.0.0.255?I recognize the lion by his paw.
--Jacob Bernoulli -
OptionsNeonNoodle
Member Posts: 92 ■■□□□□□□□□
shednik wrote:NeonNoodle wrote:mattsthe2 wrote:What would be the statement to apply to ACL to include the follwoing networks
10.1.4.0/24 to 10.1.8.0/24?
To cover the subnets 10.1.4.0/24 to 10.1.8.0/24 you need two statements:
10.1.4.0 0.0.3.255 which covers 10.1.4.0 to 10.1.7.255
10.1.8.0 0.0.0.255 which covers 10.1.8.0 to 10.1.8.255
To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.
I can see what you mean there but now my question is how would 2 ranges be applied to an interface going in the same direction??
access-list 1 deny 10.1.4.0 0.0.3.255
access-list 1 deny 10.1.8.0 0.0.0.255
access-list 1 permit any
ip access-group 1 out
The access list denies 10.1.4.0--10.1.8.255 outbound.I recognize the lion by his paw.
--Jacob Bernoulli -
Optionsmattsthe2
Member Posts: 304
tech-airman wrote:
mattsthe2,
Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.
Yes the first second and forth octets all are common bit by bit.
The 3rd octet has the 1st, 2nd bits that are common also? -
Optionsmattsthe2
Member Posts: 304
NeonNoodle wrote:
00001010.00000001.00001000.00000000-->10.1.8.0
Can you explain why the wildcard mask for 10.1.8.0
is 0.0.0.255?
I think so. Because the 1st, 2nd and 3rd octets do not change or is ignored but the 4th octet does. The 255 specifies that it uses the whole 4th octet range. I.E 0-255 (00000000 - 11111111) -
Optionstech-airman
Member Posts: 953
mattsthe2 wrote:tech-airman wrote:
mattsthe2,
Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.
Yes the first second and forth octets all are common bit by bit.
The 3rd octet has the 1st, 2nd bits that are common also?
mattsthe2,
That's correct. Now, what kind of bits are in the fourth octet? (choose all that apply)- Network
- Subnetwork
- Host
-
Optionsmattsthe2
Member Posts: 304
tech-airman wrote:mattsthe2 wrote:tech-airman wrote:
mattsthe2,
Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.
Yes the first second and forth octets all are common bit by bit.
The 3rd octet has the 1st, 2nd bits that are common also?
mattsthe2,
That's correct. Now, what kind of bits are in the fourth octet? (choose all that apply)- Network
- Subnetwork
- Host
Unless im making this overly compliated anything after the subnetwork bit is hosts bits.
Answer: Host -
Optionstech-airman
Member Posts: 953
mattsthe2 wrote:tech-airman wrote:mattsthe2 wrote:tech-airman wrote:
mattsthe2,
Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.
Yes the first second and forth octets all are common bit by bit.
The 3rd octet has the 1st, 2nd bits that are common also?
mattsthe2,
That's correct. Now, what kind of bits are in the fourth octet? (choose all that apply)- Network
- Subnetwork
- Host
Unless im making this overly compliated anything after the subnetwork bit is hosts bits.
Answer: Host
mattsthe2,
That's correct. So what's the wildcard mask so far? -
Optionsmattsthe2
Member Posts: 304
tech-airman wrote:
That's correct. So what's the wildcard mask so far?
You lost me now.
Did i get it right in my second post, i think i hit the money from the start? -
OptionsNeonNoodle
Member Posts: 92 ■■□□□□□□□□
Let's try a different approach.
What range of addresses do the following statements cover?
1) 10.1.1.13 0.0.0.7
2) 10.1.1.16 0.0.0.7
3) 10.1.1.13 0.0.0.0
10.1.1.14 0.0.0.1
10.1.1.16 0.0.0.3
10.1.1.20 0.0.0.1
What is the difference between 1) and 2)? Why?
What is the difference between 1) and 3)? Why?I recognize the lion by his paw.
--Jacob Bernoulli -
Optionsmattsthe2
Member Posts: 304
NeonNoodle wrote:Let's try a different approach.
What range of addresses do the following statements cover?
1) 10.1.1.13 0.0.0.7
2) 10.1.1.16 0.0.0.7
3) 10.1.1.13 0.0.0.0
10.1.1.14 0.0.0.1
10.1.1.16 0.0.0.3
10.1.1.20 0.0.0.1
What is the difference between 1) and 2)? Why?
What is the difference between 1) and 3)? Why?
1) 10.1.1.8 - 10.1.1.15
2) 10.1.1.16 - 10.1.1.31
3) 10.1.1.13 - 10.1.1.13
10.1.1.14 - 10.1.1.15
C) 10.1.1.16 - 10.1.1.19
D) 10.1.1.20 - 10.1.1.21
Whats the difference between 1 and 2.
1 is apart of a different subnetwork than 2. 1 falls under the 8 network and 2 falls under the 16 network.
How did i figure that out, i did the following:
255-7=248 i know that 248 has networks in multiples of 8 because its a /21.
What is the difference between 1) and 3)?
1 covers the entire range within that subnetwork and 3 doesnt cover any range except itself because its a /32 network.
