ACL Drill Set 3 – Answers


This post makes no sense without the questions from the previous post, so check those out if you’ve not done so already. The questions list ACLs that were typed in a text editor, so they could list an IP address parameter that IOS will change, depending on the wildcard mask. Look below the fold to check your answers, and ask questions if you have them.

First, the repeated original 5 ACLs:

  1. access-list 1 permit 10.0.0.0 0.0.0.255
  2. access-list 2 permit 10.1.0.0 0.0.255.255
  3. access-list 3 permit 172.16.112.0 0.0.15.255
  4. access-list 4 permit 172.16.113.192 0.0.0.31
  5. access-list 5 permit 172.16.150.0 0.0.7.255

And now the answers. Note that of these, only the 5th ACL changes when copied into config mode on a router.

  1. 10.0.0.0 – 10.0.0.255
  2. 10.1.0.0 – 10.1.255.255
  3. 172.16.112.0 – 172.16.127.255
  4. 172.16.113.192 – 172.16.113.223
  5. 172.16.144.0 – 172.16.151.255
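
The ranges above, and the rewrite of the 5th ACL, come from zeroing every address bit that the wildcard mask marks as "don't care". The following is an added example, not part of the original post; it handles only the `address wildcard` form of a standard ACL, and the function and field names are illustrative.

```python
import ipaddress
from typing import NamedTuple

# The five ACL lines from the post, as typed in the text editor.
ACLS = [
    "access-list 1 permit 10.0.0.0 0.0.0.255",
    "access-list 2 permit 10.1.0.0 0.0.255.255",
    "access-list 3 permit 172.16.112.0 0.0.15.255",
    "access-list 4 permit 172.16.113.192 0.0.0.31",
    "access-list 5 permit 172.16.150.0 0.0.7.255",
]

class Result(NamedTuple):
    stored: str       # the line with the address normalized
    first: str        # lowest matching address
    last: str         # highest matching address
    changed: bool     # True if the typed address was rewritten
    contiguous: bool  # False if the wildcard is not one block of low-order 1s

def normalize(line: str) -> Result:
    """Model the address normalization for 'access-list N action ADDR WILDCARD'."""
    *head, addr, wildcard = line.split()
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wildcard))
    base = a & ~w & 0xFFFFFFFF  # zero every bit the wildcard says to ignore
    top = base | w              # set every ignored bit to get the highest match
    first = str(ipaddress.IPv4Address(base))
    return Result(
        stored=" ".join(head + [first, wildcard]),
        first=first,
        last=str(ipaddress.IPv4Address(top)),
        changed=base != a,
        # With a non-contiguous wildcard, first..last is NOT a solid range:
        # only addresses whose "care" bits equal those of `first` match.
        contiguous=(w & (w + 1)) == 0,
    )

if __name__ == "__main__":
    for line in ACLS:
        r = normalize(line)
        note = "  <- address rewritten" if r.changed else ""
        print(f"{r.stored:48} {r.first} - {r.last}{note}")
```
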

5 Comments
Taylor B

Is answer 5 a mistake?
I got 172.16.150.1-172.16.157.255 and that it would not change when added to the running config?

Did I do something wrong here?

Jesus D

172.16.150.0 is not a Network, it’s an IP Address.

172.16.150.0 0.0.7.255 means a range from a /21 network, which means jumps of 8 in the third octet (subnetting)

172.16.0.0 -> 172.16.8.0 -> … -> 172.16.144.0 -> 172.16.152.0 -> … -> 172.16.248.0

So the correct range for that network is: 172.16.144.0 – 172.16.151.255

lyjo

Taylor,
Jesus summed it up nicely.
On your answer, you may have followed the process to just add the wildcard mask to the IP address/subnet listed to get the end of the range. However, the problem statement mentioned that the commands were in a text editor, to be pasted. IOS will take an access-list command, do the math like Jesus described, do the math to determine the range of IP addresses implied by the combined number and wildcard, and then change the first number if it’s not the first number in the range.

To do that math:
  1. Invert the wildcard mask to turn it into a wildcard mask.
  2. Do the same old subnetting math on the two numbers as IP address and SUBNET mask to find the range of addresses in the subnet
  3. If the calculated “subnet number” isn’t the same number that was in the access-list command, IOS will change it to that value (172.16.48.0 in this case).
Hope this helps…
Wendell

ali

Hello Wendell
I appreciate your great work. The concepts you have covered are very applicable and you covered them in such a way that gives me a sense of great understanding of the material…
