Access List Question

Drakonblayde Member Posts: 542
Ok, so I'm working through the lab book for CCNA2, and it's throwing an interesting problem at me.

It wants me to create a standard access list so that only odd numbered hosts can ping and even numbered can't.

Given that the subnet is 192.168.14.0/24, I would think that the command

access-list 2 permit 192.168.14.1 0.0.0.254 would accomplish this...

This is my understanding of the wildcard bit masking... a bit turned off (0) tells the ACL to check whether or not that bit matches exactly, a bit turned on tells the ACL to just ignore it...

Now, obviously, for all even numbered hosts, the 1st bit is off and for all odd numbered hosts the 1st bit is on. So as I understand it, the above ACL command tells the ACL to make sure the first three octets match exactly (0.0.0) but to check the last bit to make sure it's on (254, or 11111110 binarily).

However, when I apply that ACL to an interface, it allows pinging from both even and odd numbered hosts (whereas a flat access-list 1 deny 192.168.14.0 0.0.0.255 will deny all pinging).

Now, I'm not doing this on an actual router, but the NetVis 4.0 software patched to the latest available version. So I suppose it's possible that it could just be the software, but I'm curious to see if it's my logic before I get to class tomorrow :)
= Marcus Drakonblayde
================
CCNP-O-Meter:
=[0%]==[25%]==[50%]==[75%]==[100%]
==[X]===[X]====[ ]=====[ ]====[ ]==
=CCNA==BSCI==BCMSN==BCRAN==CIT=
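
The wildcard logic described in the post, as an added example that is not part of the original thread: a small Python model of standard-ACL matching (first match wins, implicit deny at the end) applied to the two access-list lines quoted above. The function names are illustrative, and it models only the matching rule, not a router or NetVis.

```python
import ipaddress

def ace_matches(src, base, wildcard):
    """Wildcard match: bits that are 0 in the wildcard must equal the base
    address; bits that are 1 are ignored."""
    s = int(ipaddress.IPv4Address(src))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits the ACL actually compares
    return (s & care) == (b & care)

def evaluate(acl, src):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, base, wildcard in acl:
        if ace_matches(src, base, wildcard):
            return action
    return "deny"

# access-list 2 permit 192.168.14.1 0.0.0.254   (from the post)
ACL_2 = [("permit", "192.168.14.1", "0.0.0.254")]
# access-list 1 deny 192.168.14.0 0.0.0.255     (from the post)
ACL_1 = [("deny", "192.168.14.0", "0.0.0.255")]

def permitted_hosts(acl, network="192.168.14.0/24"):
    """List every usable host address in the subnet that the ACL permits."""
    net = ipaddress.ip_network(network)
    return [str(h) for h in net.hosts() if evaluate(acl, str(h)) == "permit"]

if __name__ == "__main__":
    allowed = permitted_hosts(ACL_2)
    print(len(allowed), "hosts permitted by ACL 2; first five:", allowed[:5])
    for src in ("192.168.14.7", "192.168.14.8", "192.168.15.1"):
        print(src, "->", evaluate(ACL_2, src))
    print("hosts permitted by ACL 1:", permitted_hosts(ACL_1))
```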

Comments

  • Drakonblayde Member Posts: 542
    I'm going to assume that the lack of response was because my logic wasn't flawed.

    Just finished trying it out in class, and it works fine the way I outlined it above. Apparently it's a flaw in NetVis4
    = Marcus Drakonblayde
  • Crisco Inactive Imported Users Posts: 3
    Just as a heads up, I passed the CCNA in February and the ACCESS-LIST question could determine right off the bat if you passed or failed, just make sure you can remember that.