Wildcard Masking Question

mattsthe2mattsthe2 Member Posts: 304
What would be the statement to apply to ACL to include the follwoing networks
10.1.4.0/24 to 10.1.8.0/24?

Comments

  • shednikshednik Member Posts: 2,005
    mattsthe2 wrote:
    What would be the statement to apply to ACL to include the follwoing networks
    10.1.4.0/24 to 10.1.8.0/24?

    0.0.4.255 - the wild card mask

    They way i usually calculate the wildcard mask is i look at the range of addresses and subtract the difference of the 2

    10.1.8.255
    10.1.4.0

    wildcard mask = 0.0.4.255
  • tech-airmantech-airman Member Posts: 953
    mattsthe2 wrote:
    What would be the statement to apply to ACL to include the follwoing networks
    10.1.4.0/24 to 10.1.8.0/24?

    mattsthe2,

    What is 10.1.4.0 in binary?
  • mattsthe2mattsthe2 Member Posts: 304
    10 1 4 0

    00001010 00000001 00000100 00000000



    My first stab at the question i got what shednik got.
    My my book said something different.

    So i took the time to figure this out.

    Apprently it is saying you need two Wildcast Masks as follows:


    0.0.3.255 - this will cover the range 10.1.4.0 to 10.1.7.255
    0.0.1.255 - this will cover the range 10.1.8.0 -10.1.8.255

    Then i thought to myself why do i need two lines when i can get the job done in one with : 0.0.4.255

    This is where i got confused a bit.

    The explaination i have come up with (correct me if im wrong) is to look at the first subnet in the first IP address range. For example. 10.1.4.0 The subnet octet in this case the 3rd octet needs to be a base-2 number (1,2,4,8,16 etc). If its not match up or match down. In our example this is ok.

    Then we need to look to the ending range network in this case 10.1.8.0. The third octet in this case is the subnetted octet, 8. This number should NOT be a base-2 number because its in the next subnetted range.


    Please let me know if my explaination is correct or provide a reason why we need two Wildcast Masks.
  • NeonNoodleNeonNoodle Member Posts: 92 ■■□□□□□□□□
    mattsthe2 wrote:
    What would be the statement to apply to ACL to include the follwoing networks
    10.1.4.0/24 to 10.1.8.0/24?


    To cover the subnets 10.1.4.0/24 to 10.1.8.0/24 you need two statements:

    10.1.4.0 0.0.3.255 which covers 10.1.4.0 to 10.1.7.255
    10.1.8.0 0.0.0.255 which covers 10.1.8.0 to 10.1.8.255

    To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.
    I recognize the lion by his paw.
    --Jacob Bernoulli
  • shednikshednik Member Posts: 2,005
    NeonNoodle wrote:
    mattsthe2 wrote:
    What would be the statement to apply to ACL to include the follwoing networks
    10.1.4.0/24 to 10.1.8.0/24?


    To cover the subnets 10.1.4.0/24 to 10.1.8.0/24 you need two statements:

    10.1.4.0 0.0.3.255 which covers 10.1.4.0 to 10.1.7.255
    10.1.8.0 0.0.0.255 which covers 10.1.8.0 to 10.1.8.255

    To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.

    I can see what you mean there but now my question is how would 2 ranges be applied to an interface going in the same direction??
  • mattsthe2mattsthe2 Member Posts: 304
    NeonNoodle wrote:
    To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.


    Yea my bad, 0.0.0.255 on the 2nd wildcard mask.

    But im loosing you on how to see why. Can you explain a little further???
  • tech-airmantech-airman Member Posts: 953
    mattsthe2 wrote:
    10 1 4 0

    00001010 00000001 00000100 00000000

    mattsthe2,

    That's correct. What is 10.1.8.0 in binary?
  • mattsthe2mattsthe2 Member Posts: 304
    10 1 8 0

    00001010 00000001 00001000 00000000
  • tech-airmantech-airman Member Posts: 953
    mattsthe2 wrote:
    10 1 8 0

    00001010 00000001 00001000 00000000

    mattsthe2,

    That's correct. Now, put the binary for 10.1.4.0 on top of the binary for 10.1.8.0 between code tags.
  • mattsthe2mattsthe2 Member Posts: 304
    tech-airman,
    Your killing me here...

    00001010 00000001 00000100 00000000
    00001010 00000001 00001000 00000000
    
    
  • tech-airmantech-airman Member Posts: 953
    mattsthe2 wrote:
    tech-airman,
    Your killing me here...

    00001010 00000001 00000100 00000000
    00001010 00000001 00001000 00000000
    
    

    mattsthe2,

    Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.
  • NeonNoodleNeonNoodle Member Posts: 92 ■■□□□□□□□□
    mattsthe2 wrote:
    NeonNoodle wrote:
    To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.


    Yea my bad, 0.0.0.255 on the 2nd wildcard mask.

    But im loosing you on how to see why. Can you explain a little further???

    00001010.00000001.00000100.00000000-->10.1.4.0
    00001010.00000001.00000101.00000000-->10.1.5.0
    00001010.00000001.00000110.00000000-->10.1.6.0
    00001010.00000001.00000111.00000000-->10.1.7.0


    Look at the bolded sections. 10.1.4.0--10.1.7.0 don't vary except in the first two digits of the third octet (and in every digit of the fourth octet, too, but we aren't considering that right now). According to the wildcard mask rules, if the nth bit doesn't vary put a 0. If the nth bit varies put a 1. That why you get
    00000000.00000000.00000011.11111111-->0.0.3.255 (The .255 is present because every digit of fourth octet does vary.)

    00001010.00000001.00001000.00000000-->10.1.8.0
    Can you explain why the wildcard mask for 10.1.8.0
    is 0.0.0.255?
    I recognize the lion by his paw.
    --Jacob Bernoulli
  • NeonNoodleNeonNoodle Member Posts: 92 ■■□□□□□□□□
    shednik wrote:
    NeonNoodle wrote:
    mattsthe2 wrote:
    What would be the statement to apply to ACL to include the follwoing networks
    10.1.4.0/24 to 10.1.8.0/24?


    To cover the subnets 10.1.4.0/24 to 10.1.8.0/24 you need two statements:

    10.1.4.0 0.0.3.255 which covers 10.1.4.0 to 10.1.7.255
    10.1.8.0 0.0.0.255 which covers 10.1.8.0 to 10.1.8.255

    To see why, convert the third octets to binary and apply the rules for wildcard masks, i.e. a binary zero means the bit must match and a binary one means the bit can be either one or zero.

    I can see what you mean there but now my question is how would 2 ranges be applied to an interface going in the same direction??

    access-list 1 deny 10.1.4.0 0.0.3.255
    access-list 1 deny 10.1.8.0 0.0.0.255
    access-list 1 permit any

    ip access-group 1 out

    The access list denies 10.1.4.0--10.1.8.255 outbound.
    I recognize the lion by his paw.
    --Jacob Bernoulli
  • mattsthe2mattsthe2 Member Posts: 304

    mattsthe2,

    Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.


    Yes the first second and forth octets all are common bit by bit.
    The 3rd octet has the 1st, 2nd bits that are common also?
  • mattsthe2mattsthe2 Member Posts: 304
    NeonNoodle wrote:

    00001010.00000001.00001000.00000000-->10.1.8.0
    Can you explain why the wildcard mask for 10.1.8.0
    is 0.0.0.255?


    I think so. Because the 1st, 2nd and 3rd octets do not change or is ignored but the 4th octet does. The 255 specifies that it uses the whole 4th octet range. I.E 0-255 (00000000 - 11111111)
  • tech-airmantech-airman Member Posts: 953
    mattsthe2 wrote:

    mattsthe2,

    Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.


    Yes the first second and forth octets all are common bit by bit.
    The 3rd octet has the 1st, 2nd bits that are common also?

    mattsthe2,

    That's correct. Now, what kind of bits are in the fourth octet? (choose all that apply)
    1. Network
    2. Subnetwork
    3. Host
  • mattsthe2mattsthe2 Member Posts: 304
    mattsthe2 wrote:

    mattsthe2,

    Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.


    Yes the first second and forth octets all are common bit by bit.
    The 3rd octet has the 1st, 2nd bits that are common also?

    mattsthe2,

    That's correct. Now, what kind of bits are in the fourth octet? (choose all that apply)
    1. Network
    2. Subnetwork
    3. Host

    Unless im making this overly compliated anything after the subnetwork bit is hosts bits.

    Answer: Host
  • tech-airmantech-airman Member Posts: 953
    mattsthe2 wrote:
    mattsthe2 wrote:

    mattsthe2,

    Now, do you notice any common bits in both of those binary addresses? Common bits INCLUDES the '0's.


    Yes the first second and forth octets all are common bit by bit.
    The 3rd octet has the 1st, 2nd bits that are common also?

    mattsthe2,

    That's correct. Now, what kind of bits are in the fourth octet? (choose all that apply)
    1. Network
    2. Subnetwork
    3. Host

    Unless im making this overly compliated anything after the subnetwork bit is hosts bits.

    Answer: Host

    mattsthe2,

    That's correct. So what's the wildcard mask so far?
  • mattsthe2mattsthe2 Member Posts: 304

    That's correct. So what's the wildcard mask so far?

    You lost me now.

    Did i get it right in my second post, i think i hit the money from the start?
  • NeonNoodleNeonNoodle Member Posts: 92 ■■□□□□□□□□
    Let's try a different approach.

    What range of addresses do the following statements cover?

    1) 10.1.1.13 0.0.0.7

    2) 10.1.1.16 0.0.0.7

    3) 10.1.1.13 0.0.0.0
    10.1.1.14 0.0.0.1
    10.1.1.16 0.0.0.3
    10.1.1.20 0.0.0.1

    What is the difference between 1) and 2)? Why?

    What is the difference between 1) and 3)? Why?
    I recognize the lion by his paw.
    --Jacob Bernoulli
  • mattsthe2mattsthe2 Member Posts: 304
    NeonNoodle wrote:
    Let's try a different approach.

    What range of addresses do the following statements cover?

    1) 10.1.1.13 0.0.0.7

    2) 10.1.1.16 0.0.0.7

    3) 10.1.1.13 0.0.0.0
    10.1.1.14 0.0.0.1
    10.1.1.16 0.0.0.3
    10.1.1.20 0.0.0.1

    What is the difference between 1) and 2)? Why?

    What is the difference between 1) and 3)? Why?

    1) 10.1.1.8 - 10.1.1.15
    2) 10.1.1.16 - 10.1.1.31
    3) 10.1.1.13 - 10.1.1.13
    B) 10.1.1.14 - 10.1.1.15
    C) 10.1.1.16 - 10.1.1.19
    D) 10.1.1.20 - 10.1.1.21

    Whats the difference between 1 and 2.
    1 is apart of a different subnetwork than 2. 1 falls under the 8 network and 2 falls under the 16 network.
    How did i figure that out, i did the following:
    255-7=248 i know that 248 has networks in multiples of 8 because its a /21.


    What is the difference between 1) and 3)?
    1 covers the entire range within that subnetwork and 3 doesnt cover any range except itself because its a /32 network.
  • r_durantr_durant Member Posts: 486 ■■■□□□□□□□
    mattsthe2 wrote:
    2) 10.1.1.16 - 10.1.1.31

    I think this should be 10.1.1.16 - 10.1.1.23
    CCNA (Expired...), MCSE, CWNA, BSc Computer Science
    Working on renewing CCNA!
  • mattsthe2mattsthe2 Member Posts: 304
    r_durant wrote:
    mattsthe2 wrote:
    2) 10.1.1.16 - 10.1.1.31

    I think this should be 10.1.1.16 - 10.1.1.23


    Yes your right, i think i needed sleep at that point.
    Net: 0,8,16,24
Sign In or Register to comment.