ACL Drill Set 3 – Answers

certskills
By certskills October 19, 2015 09:05

This post makes no sense without the questions from the previous post, so check those out if you’ve not done so already. The questions list ACLs that were typed in a text editor, so they could list an IP address parameter that IOS will change, depending on the wildcard mask. Look below the fold to check your answers, and ask questions if you have them.

First, the repeated original 5 ACLs:

  1. access-list 1 permit 10.0.0.0 0.0.0.255
  2. access-list 2 permit 10.1.0.0 0.0.255.255
  3. access-list 3 permit 172.16.112.0 0.0.15.255
  4. access-list 4 permit 172.16.113.192 0.0.0.31
  5. access-list 5 permit 172.16.150.0 0.0.7.255

And now the answers. Note that of these, only the 5th ACL changes when copied into config mode on a router.

  1. 10.0.0.0  – 10.0.0.255
  2. 10.1.0.0 – 10.1.255.255
  3. 172.16.112.0 – 172.16.127.255
  4. 172.16.113.192 – 172.16.113.223
  5. 172.16.144.0 – 172.16.151.255
ACL Drill Set 3
OSPF Interface Config 1
certskills
By certskills October 19, 2015 09:05
Write a comment

3 Comments

  1. Taylor B June 14, 23:02

    Is answer 5 a mistake?
    I got 172.16.150.1-172.16.157.255 and that it would not change when added to the running config?

    Did I do something wrong here?

    Reply to this comment
    • Jesus D July 14, 19:38

      172.16.150.0 is not a Network, it’s an IP Address.

      172.16.150.0 0.0.7.255 means a range from a /21 network, which means jumps of 8 in the third octect (subnetting)

      172.16.0.0 -> 172.16.8.0 -> … -> 172.16.144.0 -> 172.16.152.0 -> … -> 172.16.248.0

      So the correct range for that network is: 172.16.144.0 – 172.16.151.255

      Reply to this comment
    • CCENTSkills July 21, 09:36

      Taylor,
      Jesus summed it up nicely.
      On your answer, you may have followed the process to just add the wildcard mask to the IP address/subnet listed to get the end of the range. However, the problem statement mentioned that the commands were in a text editor, to be pasted. IOS will take an access-list command, do the math like Jesus described, do the math to determine the range of IP addresses implied by the combined number and wildcard, and then change the first number if it’s not the first number in the range.

      To do that math:
      Invert the wildcard mask to turn it into a wildcard mask.
      Do the same old subnetting math on the two numbers as IP address and SUBNET mask to find the range of addresses in the subnet
      If the calculated “subnet number” isn’t the same number that was in the access-list command, IOS will change it to that value (172.16.48.0 in this case).
      Hope this helps…
      Wendell

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories