Options
what wildcard mask to use for range of hosts?
gemlin
Member Posts: 2 ■□□□□□□□□□
in CCNA & CCENT
Hi
I an having my final practical exam for CCNA2 and got stuck in a wildcard or mask problem
Example:
I have these informations for a LAN:
subnetwork: 192.168.0.112
Gateway: 192.168.0.127
group 1 of hosts: .113 - 119
group 2 of hosts: 120 - 126
Now I need to tell my acceslist (extended) that group 1 should not have access to the upper half of this server pool: 209.0.0.0/24
and that all hosts should have access to the lower half of the address range
the servers should not be reachable by any other hosts.
I don't have access to the serverpool, the ACL should be placed on my router
I understand the wildcardmask of 0.0.0.127 and hos to use it in regards to the serverpool, but not how to specify and calculate the mask (wildcardmask?) for the range of hosts.
HELP!
thanks..
I an having my final practical exam for CCNA2 and got stuck in a wildcard or mask problem
Example:
I have these informations for a LAN:
subnetwork: 192.168.0.112
Gateway: 192.168.0.127
group 1 of hosts: .113 - 119
group 2 of hosts: 120 - 126
Now I need to tell my acceslist (extended) that group 1 should not have access to the upper half of this server pool: 209.0.0.0/24
and that all hosts should have access to the lower half of the address range
the servers should not be reachable by any other hosts.
I don't have access to the serverpool, the ACL should be placed on my router
I understand the wildcardmask of 0.0.0.127 and hos to use it in regards to the serverpool, but not how to specify and calculate the mask (wildcardmask?) for the range of hosts.
HELP!
thanks..
Comments
-
Options
miller811
Member Posts: 897
subnetwork: 192.168.0.112
Gateway: 192.168.0.127
group 1 of hosts: .113 - 119
group 2 of hosts: 120 - 126
since your block of addresses is 16 bits your mask would be
255.255.255.240
which would make your wildcard mask
0.0.0.15
access-list 1 192.168.0.112 0.0.0.15I don't claim to be an expert, but I sure would like to become one someday.
Quest for 11K pages read in 2011
Page Count total to date - 1283 -
OptionsAbrown1966
Member Posts: 16 ■□□□□□□□□□
Gremlin,
Did you assign the addresses in this problem? If so I think the addresses you chose don't work for the access list. I agree with MIller811 answer about the correct wildcard mask being
0.0.0.15 . However if the addresses for group 1 and group two were in diffrent 16 address subnets you could correctly specify one 16 host subnet with your access list.
For example, if group 1's addresses were between 0 and 16 and group 2' were between 16 and 31 the following access list would work and only exclude the group one addresses.
access list 1 permit 192.168.0.16 0.0.0.15
The implicit deny statement at the end would deny group one access.
If i'm wrong someone please correct me.
Alan -
Options
EdTheLad
Member Posts: 2,111 ■■■■□□□□□□
Answer should be:
access-list 100 deny ip 192.168.0.112 0.0.0.7 209.0.0.128 0.0.0.127
access-list 100 permit ip any 209.0.0.0 0.0.0.127Networking, sometimes i love it, mostly i hate it.Its all about the $$$$ -
Optionsgemlin
Member Posts: 2 ■□□□□□□□□□
Ok, the suggestion by EdTheLad actually makes sense
Thanks