what wildcard mask to use for range of hosts?

Hi

I an having my final practical exam for CCNA2 and got stuck in a wildcard or mask problem

Example:

I have these informations for a LAN:

subnetwork: 192.168.0.112
Gateway: 192.168.0.127
group 1 of hosts: .113 - 119
group 2 of hosts: 120 - 126

Now I need to tell my acceslist (extended) that group 1 should not have access to the upper half of this server pool: 209.0.0.0/24

and that all hosts should have access to the lower half of the address range

the servers should not be reachable by any other hosts.

I don't have access to the serverpool, the ACL should be placed on my router

I understand the wildcardmask of 0.0.0.127 and hos to use it in regards to the serverpool, but not how to specify and calculate the mask (wildcardmask?) for the range of hosts.

HELP!

thanks..

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

miller811

subnetwork: 192.168.0.112
Gateway: 192.168.0.127
group 1 of hosts: .113 - 119
group 2 of hosts: 120 - 126

since your block of addresses is 16 bits your mask would be
255.255.255.240
which would make your wildcard mask
0.0.0.15

access-list 1 192.168.0.112 0.0.0.15

Abrown1966

Gremlin,

Did you assign the addresses in this problem? If so I think the addresses you chose don't work for the access list. I agree with MIller811 answer about the correct wildcard mask being
0.0.0.15 . However if the addresses for group 1 and group two were in diffrent 16 address subnets you could correctly specify one 16 host subnet with your access list.

For example, if group 1's addresses were between 0 and 16 and group 2' were between 16 and 31 the following access list would work and only exclude the group one addresses.

access list 1 permit 192.168.0.16 0.0.0.15

The implicit deny statement at the end would deny group one access.

If i'm wrong someone please correct me.

Alan

EdTheLad

Answer should be:

access-list 100 deny ip 192.168.0.112 0.0.0.7 209.0.0.128 0.0.0.127
access-list 100 permit ip any 209.0.0.0 0.0.0.127

gemlin

Ok, the suggestion by EdTheLad actually makes sense

Thanks