I need help with ACL

rodrigo081089 Member Posts: 17 ■□□□□□□□□□
I'm doing the exercises from Wendell Odom's ICND2 book. In chapter 7, question 6 says:

Which of the following access-list commands matches all packets in the range of addresses in subnet 172.16.5.0/25?

a. access-list 1 permit 172.16.0.5 0.0.255.0

b. access-list 1 permit 172.16.4.0 0.0.1.255

c. access-list 1 permit 172.16.5.0

d. access-list 1 permit 172.16.5.0 0.0.0.128

The right answer for me is "d", but the book says the right answer is "b".

Did I do it wrong, or is the book wrong?

Thanks

Comments

  • Roguetadhg Member Posts: 2,489 ■■■■■■■■□□
    b.

    d: 0.0.0.128 = 172.16.5.0 & 172.16.5.128 only. It's not a range.
    b. 0.0.1.255 = 172.16.4.0 - 172.16.5.255

    The given range asks for all packets within 5.0 /25= Subnet Mask: 255.255.255.128. IP range which is found with the Subnet Mask means: 172.16.5.0 - 172.16.5.127

    172.16.5.0 = 0000 0101.0|000 0000
    255.255.255.128 = 1111 1111.1|000 0000. Meaning that the numbers within the mask can't change.
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • rodrigo081089 Member Posts: 17 ■□□□□□□□□□
    Thank you. So when they ask me questions like that, I can't get the wc by changing the bits in binary, right?

    Because i put the mask in binary:

    11111111 11111111 11111111 10000000

    and then I've changed the bits

    00000000 00000000 00000000 011111111
  • MAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    This is an explanation in the answers section as to why it's B. The reason is that you want an access list in the subnet range.
    2017 Certification Goals:
    CCNP R/S
  • rodrigo081089 Member Posts: 17 ■□□□□□□□□□
    So if I use access-list 1 permit 172.16.4.0 0.0.1.255, is it the same as if I use access-list 1 permit 172.16.5.0 0.0.0.127?
  • MAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    No.

    0.0.1.255 will block 172.16.4.0 - 172.16.5.255 (subnet range).

    0.0.0.127 will block 172.16.5.0 - 172.16.5.127
  • rodrigo081089 Member Posts: 17 ■□□□□□□□□□
    Of course, I explained myself badly. I mean 0.0.0.127 is a good wildcard for the subnet 172.16.5.0/25, right? Even better than 0.0.1.255.
  • Roguetadhg Member Posts: 2,489 ■■■■■■■■□□
    What is the non-CIDR version of "/25"? That's the subnet mask.
    Using the normal IPv4 bit, write out the number of bits, in each octet that /25 represents.

    To find the wild-card mask, you just exchange all the 0's and 1's in a subnet mask.
    - Simply: 1) If it was a 0; It becomes 1. 2) If it was a 1; it becomes a 0.

    Another way: If it's /25. Subtract that from /32 (Which is the CIDR notation for all 1's for an IPv4 address.). You'll get the number of bits that are going to be the WildCard Mask... Right to Left. 32-25 = 7 = /7


    Non-CIDR is:    1111 1111.1111 1111.1111 1111.1000 0000
    Wild Card Mask: 0000 0000.0000 0000.0000 0000.0111 1111

    Makes 0.0.0.127 the wildcard mask.

  • rodrigo081089 Member Posts: 17 ■□□□□□□□□□
    Thanks both of you, now I understand this well
  • Danielh22185 Member Posts: 1,195 ■■■■□□□□□□
    I have always just thought of the wildcard masks as just 1 minus the subnet you are trying to match. So if you are trying to match a /25, which is 128 addresses, subtract 1 and that gives you 127 for your wildcard. I find sometimes explaining the binary conversion makes it a bit more confusing.
    Currently Studying: IE Stuff...kinda...for now...
    My ultimate career goal: To climb to the top of the computer network industry food chain.
    "Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi
  • NewInBussines Member Posts: 28 ■□□□□□□□□□
    The correct answer is b.
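
The wildcard logic discussed in this thread, as an added example that is not from the book or from any poster: it checks each ACL entry from the question against 172.16.5.0/25 and counts how many addresses outside the subnet the entry also permits. The function names are assumptions made for this sketch; an entry with no wildcard (option c) is treated as 0.0.0.0.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(acl_addr, wildcard, packet_addr):
    """Cisco wildcard rule: 0 bits must match the ACL address, 1 bits are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_addr) & care) == (to_int(acl_addr) & care)

def wildcard_for_prefix(prefix_len):
    """Invert the subnet mask: the low (32 - prefix_len) bits become 1."""
    host_bits = 32 - prefix_len
    return str(ipaddress.IPv4Address((1 << host_bits) - 1))

def evaluate(acl_addr, wildcard, subnet):
    """Return (covers, extra): whether every address in subnet matches, and,
    if so, how many addresses outside the subnet are matched as well."""
    net = ipaddress.ip_network(subnet)
    covers = all(acl_matches(acl_addr, wildcard, str(ip)) for ip in net)
    # Each 1 bit in the wildcard doubles the number of matching addresses.
    matched_total = 1 << bin(to_int(wildcard)).count("1")
    extra = matched_total - net.num_addresses if covers else None
    return covers, extra

if __name__ == "__main__":
    subnet = "172.16.5.0/25"
    entries = {
        "a": ("172.16.0.5", "0.0.255.0"),
        "b": ("172.16.4.0", "0.0.1.255"),
        "c": ("172.16.5.0", "0.0.0.0"),    # no wildcard given: single host
        "d": ("172.16.5.0", "0.0.0.128"),
        "exact": ("172.16.5.0", wildcard_for_prefix(25)),
    }
    for name, (addr, wc) in entries.items():
        covers, extra = evaluate(addr, wc, subnet)
        print(f"{name}: {addr} {wc} covers={covers} extra={extra}")
```

Option b is the only listed entry that covers the whole /25, but it also permits 384 addresses outside it; 0.0.0.127 covers the same subnet with none extra, which matters when the ACL is meant to enforce least privilege rather than answer an exam question.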