ACL Drill Set 3 – Answers

certskills
By certskills October 19, 2015 09:05

This post makes no sense without the questions from the previous post, so check those out if you’ve not done so already. The questions list ACLs that were typed in a text editor, so they could list an IP address parameter that IOS will change, depending on the wildcard mask. Look below the fold to check your answers, and ask questions if you have them.

First, the repeated original 5 ACLs:

  1. access-list 1 permit 10.0.0.0 0.0.0.255
  2. access-list 2 permit 10.1.0.0 0.0.255.255
  3. access-list 3 permit 172.16.112.0 0.0.15.255
  4. access-list 4 permit 172.16.113.192 0.0.0.31
  5. access-list 5 permit 172.16.150.0 0.0.7.255

And now the answers. Note that of these, only the 5th ACL changes when copied into config mode on a router.

  1. 10.0.0.0  – 10.0.0.255
  2. 10.1.0.0 – 10.1.255.255
  3. 172.16.112.0 – 172.16.127.255
  4. 172.16.113.192 – 172.16.113.223
  5. 172.16.144.0 – 172.16.151.255
ACL Drill Set 3
Answers: OSPF Interface Config 1
certskills
By certskills October 19, 2015 09:05
TAGS: ACL
Subscribe
Notify of

Your e-mail address will not be published.
Required fields are marked*

guest

5 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Taylor B
Taylor B
June 14, 2017 11:02 pm

Is answer 5 a mistake?
I got 172.16.150.1-172.16.157.255 and that it would not change when added to the running config?

Did I do something wrong here?

0
Reply
Jesus D
Jesus D
Reply to  Taylor B
July 14, 2017 7:38 pm

172.16.150.0 is not a Network, it’s an IP Address.

172.16.150.0 0.0.7.255 means a range from a /21 network, which means jumps of 8 in the third octect (subnetting)

172.16.0.0 -> 172.16.8.0 -> … -> 172.16.144.0 -> 172.16.152.0 -> … -> 172.16.248.0

So the correct range for that network is: 172.16.144.0 – 172.16.151.255

0
Reply
lyjo
lyjo
Admin
Reply to  Taylor B
July 21, 2017 9:36 am

Taylor,
Jesus summed it up nicely.
On your answer, you may have followed the process to just add the wildcard mask to the IP address/subnet listed to get the end of the range. However, the problem statement mentioned that the commands were in a text editor, to be pasted. IOS will take an access-list command, do the math like Jesus described, do the math to determine the range of IP addresses implied by the combined number and wildcard, and then change the first number if it’s not the first number in the range.

To do that math:
Invert the wildcard mask to turn it into a wildcard mask.
Do the same old subnetting math on the two numbers as IP address and SUBNET mask to find the range of addresses in the subnet
If the calculated “subnet number” isn’t the same number that was in the access-list command, IOS will change it to that value (172.16.48.0 in this case).
Hope this helps…
Wendell

0
Reply
ali
ali
December 10, 2021 10:36 am

Hello Wendell
I appreciate your great work. The concepts you have covered are very applicable and you covered them such a way that give me a sense of great understanding of the material…

0
Reply
certskills
certskills
Author
Reply to  ali
December 17, 2021 4:44 pm

You’re welcome! Glad to be of service.

0
Reply

Search

Categories

Tag Cloud

100-105 200-105 200-125 Acing2018-01 ACL ARP CCENT CCNA CCNP Config Lab DevNet DHCP EIGRP Encapsulation Ethernet Frame relay GRE ICND1 ICND2 IP Address IPv6 IPv6 address Lab Gear MAC Table OSPF OSPFv3 Packet Tracer password port security PPP RIPv2 Root Switch RSTP SNMP SSH static route STP Study Tips subnet summary route switching Telnet VLAN VLSM VPN