permit all the odd ip

avadaavada Registered Users Posts: 3 ■□□□□□□□□□
Hello everyone,
I just started my CCNP and I need some help regarding a question.
In the access control list I need to permit all the odd IPs from 192.1.1.28 to 192.1.1.61 and have to use minimum commands.

Kindly let me know how I am supposed to do it in minimum lines.
Thanks

Comments

  • NetwurkNetwurk Member Posts: 1,155 ■■■■■□□□□□
    Allowing these networks should give you the minimum

    192.1.1.28 /30
    192.1.1.32 /28
    192.1.1.48 /29
    192.1.1.56 /30
    192.1.1.60 /31
  • avadaavada Registered Users Posts: 3 ■□□□□□□□□□
    Can you kindly explain a little? How does this allow odd IPs between .28 and .61?
    thanks
    Netwurk wrote: »
    Allowing these networks should give you the minimum

    192.1.1.28 /30
    192.1.1.32 /28
    192.1.1.48 /29
    192.1.1.56 /30
    192.1.1.60 /31
  • MrBrianMrBrian Member Posts: 520
    Ah the old block only odd IP's question.. You can create an access list that permits odd numbered IP's by pairing an odd numbered IP with a wildcard that has the last "1" bit as a 0 (so that for an IP to match it has to end with a 1, making it odd) in an ACL statement. If you want to permit all the odd IP's between 192.1.1.28 - 192.1.1.61, well those are strange boundaries lol.. but basically you'd do what you normally do and use a block size to match a chunk, except you make the last bit a 0. For example, to match a block of 16 IP's with a wildcard, you'd usually make it 0.0.0.15.. but now you need to make the last bit a 0 so it would then be 0.0.0.14.. very "odd" to wrap your head around indeed lol. I'm not sure if this is implemented much out in the real world but it's kind of a trick a past instructor of mine showed our class to get us thinking..

    permit 192.1.1.29 0.0.0.2 (this will get .29 and .31 since the last bit in the 4th octet has to be a 1)
    permit 192.1.1.33 0.0.0.14 (this will get .33 to .47)
    permit 192.1.1.49 0.0.0.6 (this will get .49 to .55)
    permit 192.1.1.57 0.0.0.2 (this will get .57 and .59)
    permit 192.1.1.61 0.0.0.0 (finally, this will get .61)

    Then the implicit deny at the end will block everything else. I believe this is the minimum statements you can have without causing any overlap to unwanted IP's getting through! But then again someone may come along and totally blow my mind with something better lol.. I don't like to do these much, but figured I could use the practice, thanks
    Currently reading: Internet Routing Architectures by Halabi
  • bermovickbermovick Member Posts: 1,135 ■■■■□□□□□□
    Does this actually work anymore? I remember reading that and trying to lab it out without any success, then heading to google and reading it no longer works. I think much like subnet masks, the 0 and 1 bits in the wildcard mask have to be contiguous now.

    I guess it's still good practice for understanding how wildcard masks work though :)
    Latest Completed: CISSP

    Current goal: Dunno
  • NetwurkNetwurk Member Posts: 1,155 ■■■■■□□□□□
    Thought he meant odd as in strange

    I can't imagine why anyone would want to permit only odd numbers versus even numbers

    More like a puzzle than a real world scenario
  • MrBrianMrBrian Member Posts: 520
    Netwurk wrote: »
    Thought he meant odd as in strange

    I can't imagine why anyone would want to permit only odd numbers versus even numbers

    More like a puzzle than a real world scenario

    LOL.. it was a strange request indeed, but I think they meant to permit the odd IP's and block the even IP's within that range. A past instructor I had gave us things like this to figure out. Plus I've seen other sites demonstrating it. And I agree, more like a puzzle than a real world scenario. I don't have much experience with implementing ACL's real world, but it seems that if this solution was ever needed then you got a weird network going on!

    Bermovick: I haven't messed with ACL's in a bit and too lazy to lab right now, but I'm pretty sure ACL's allow discontiguous wildcards since I've done examples like this in the past. As for configuring summary addresses though, yea those need to be contiguous
    Currently reading: Internet Routing Architectures by Halabi
  • avadaavada Registered Users Posts: 3 ■□□□□□□□□□
    Thank you everyone. Actually my instructor gave us this question, and so that is why it sounded weird and not practical to all of you. Really appreciate the help. I thought of 2 solutions, which would be

    Permit 192.1.1.29 0.0.0.2
    Deny 192.1.1.0 0.0.0.254
    Deny 192.1.1.63 0.0.0.0
    Permit 192.1.1.32 0.0.0.31



    and

    Deny 192.1.1.62 0.0.0.1
    permit 192.1.1.29 0.0.0.2
    permit 192.1.1.33 0.0.0.30



    Thanks
    please let me know about your thoughts
  • CyanicCyanic Member Posts: 289
    avada wrote: »
    Deny 192.1.1.62 0.0.0.1
    permit 192.1.1.29 0.0.0.2
    permit 192.1.1.33 0.0.0.30


    This is what I came up with except the deny IMO is cleaner this way.

    deny 192.1.1.63 0.0.0.0

    Either way, this is excellent binary mask practice.
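
The wildcard lists posted in this thread can be checked mechanically. The following is an added example, not code from any poster: a small first-match ACL evaluator that treats a wildcard bit of 1 as "don't care" and applies the implicit deny, run over every host in 192.1.1.0-255. It models only the matching rule, not whether a given IOS release accepts discontiguous wildcards; the function and variable names are made up for this illustration.

```python
import ipaddress

def parse_acl(text):
    """Parse 'permit|deny <address> <wildcard>' lines into (action, addr, wildcard)."""
    rules = []
    for line in text.strip().splitlines():
        action, addr, wild = line.split()
        rules.append((action.lower(),
                      int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def evaluate(rules, ip):
    """First match wins; wildcard bit 1 = don't care; no match = implicit deny."""
    ip = int(ipaddress.IPv4Address(ip))
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF          # bits that must be equal
        if (ip & care) == (addr & care):
            return action
    return "deny"

def permitted_hosts(acl_text, prefix="192.1.1."):
    """Last octets (0..255) that the ACL permits."""
    rules = parse_acl(acl_text)
    return [h for h in range(256) if evaluate(rules, f"{prefix}{h}") == "permit"]

WANTED = list(range(29, 62, 2))            # odd hosts .29 through .61

# ACLs copied from the thread (typing space in "192.1.1. 63" removed).
FIVE_LINE = """permit 192.1.1.29 0.0.0.2
permit 192.1.1.33 0.0.0.14
permit 192.1.1.49 0.0.0.6
permit 192.1.1.57 0.0.0.2
permit 192.1.1.61 0.0.0.0"""
FOUR_LINE = """Permit 192.1.1.29 0.0.0.2
Deny 192.1.1.0 0.0.0.254
Deny 192.1.1.63 0.0.0.0
Permit 192.1.1.32 0.0.0.31"""
THREE_LINE = """Deny 192.1.1.62 0.0.0.1
permit 192.1.1.29 0.0.0.2
permit 192.1.1.33 0.0.0.30"""
# Variant with the single-host deny suggested in the last reply.
THREE_LINE_HOST_DENY = THREE_LINE.replace("Deny 192.1.1.62 0.0.0.1",
                                          "deny 192.1.1.63 0.0.0.0")

if __name__ == "__main__":
    for name in ("FIVE_LINE", "FOUR_LINE", "THREE_LINE", "THREE_LINE_HOST_DENY"):
        print(name, permitted_hosts(globals()[name]) == WANTED)
```

All four lists permit exactly the odd hosts .29 through .61 under this model; the three-line versions depend on the deny being evaluated before the wider permit.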