Access-lists

Discussion in 'General Cisco Certifications' started by Headache, Feb 26, 2007.

  1. Headache

    Headache Gigabyte Poster

    I saw a question in one tutorial I've been reading and it's sort of doing my head in.

    It goes something like this:

    Access-list 1 permit 172.32.16.0 0.0.0.255
    Access-list 1 permit 172.32.17.0 0.0.0.255
    Access-list 1 permit 172.32.18.0 0.0.0.255
    Access-list 1 permit 172.32.19.0 0.0.0.255

    Question: Aggregate all of the above statements into one single statement that would have the same effect.

    So, what new statement should I use ? In particular: what wildcard mask is valid for the new statement and specifically HOW (!!!!!) do I derive it ?
     
    Certifications: CCNA
    WIP: CCNP
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    You know it's amazing how much stuff you forget if you don't use it. This time last year I would have been able to answer that easily for you, now my head just says what?

    Sorry, not really an answer, just some ramblings! :rolleyes:
     
  3. Headache

    Headache Gigabyte Poster

    I know. I was studying this just three or four weeks ago and already I've forgotten everything !
     
    Certifications: CCNA
    WIP: CCNP
  4. laup

    laup Byte Poster

    Unless I'm missing something

    Access-list 1 permit 172.32.0.0 0.0.255.255 ?? lol
     
    Certifications: IC3,A+, N+, 70-270, CCNA
    WIP: CCDA/Job :>
  5. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    Yeah, but you only want to allow the .16, .17, .18, .19 addresses.

    Access-list 1 permit 172.32.0.0 0.0.255.255 permits ALL traffic on the 172.32.x.x range.

    My subnetting is terrible hence why the answer has eluded me! :oops:
     
  6. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    access-l 1 per 172.32.16.0 0.0.3.255

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
  7. Headache

    Headache Gigabyte Poster

    Thanks Spice_Weasel. I'm still not sure how you derived the wildcard mask though. But thanks anyway.
     
    Certifications: CCNA
    WIP: CCNP
  8. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    Sorry, here is a quick explanation:

    The 3rd octet is the important one in the question. Expressed in binary, the four networks to select are as follows:

    00010000
    00010001
    00010010
    00010011

    The only bits that are changing are the two least significant bits. Those bits will need to be masked off in the access list, along with the last octet. So the mask for the access list would have to be:

    0.0.3.255 <-- All 8 bits of the 4th octet, plus the 2 least significant bits of the 3rd octet.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
  9. Headache

    Headache Gigabyte Poster

    Alrightee ! Big thanks.
     
    Certifications: CCNA
    WIP: CCNP
  10. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    Be sure to understand how Spice came up with that answer. If you don't, subnetting will continue to haunt you the rest of your days. It doesn't ever go away, my friends.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. Headache

    Headache Gigabyte Poster

    *shiver*
     
    Certifications: CCNA
    WIP: CCNP
  12. NetEyeBall

    NetEyeBall Kilobyte Poster

    Perhaps I am not understanding this as well as I should.

    Guess I am gonna break out some books. I thought I understood wildcards, but I guess not.
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
  13. NetEyeBall

    NetEyeBall Kilobyte Poster

    I got it now.

    The wildcard mask is saying I don't care about the last 10 bits, but match the 1st 22 bits.

    It won't just allow the 4 example ranges but anything that matches the 1st 22 bits.
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
  14. laup

    laup Byte Poster

    hmmmmmm the 3 represents the last 2 binary bits of the 3rd octet, 1 & 2, which equals 3, so only the last 2 will be taken into account.

    if only matching the first 22 bits you can only get

    16 84|21 = 3
    1 |00|00 = 16
    1 |00|01 = 17
    1 |00|10 = 18
    1 |00|11 = 19
    ^20th Bit
    ----^22nd Bit


    my theory anyhow :p
     
    Certifications: IC3,A+, N+, 70-270, CCNA
    WIP: CCDA/Job :>
  15. muckyfingers

    muckyfingers New Member

    hi all,

    the way I found to understand this LOVELY part of Cisco was in order to arrive at your wildcard mask you take the lowest number (172.32.16.0) away from the highest number (172.32.19.0) in the range
    for example:
    172.32.19.0
    - 172.32.16.0
    = 0. 0. 3. 0-this 0 would of course be 255.

    until I found this method I wanted to hit the creator of ACLs

    hope I have helped in some way

    cheers
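
Added example (not part of any post in this thread): the bit method and the subtraction method discussed above, each checked against the original entries so that a single statement that permits more, or less, than the four it replaces is caught before it goes on a router. The `shifted` set is constructed sample data, and `shortcut()` is one reading of the subtraction method; all function names are illustrative.

```python
import ipaddress
FULL = 0xFFFFFFFF  # 32-bit mask, since Python ints are unbounded

def parse_ace(line):
    """'access-list 1 permit A.B.C.D W.X.Y.Z' -> (address, wildcard) as ints."""
    return tuple(int(ipaddress.IPv4Address(f)) for f in line.split()[-2:])

def dotted(n):
    return str(ipaddress.IPv4Address(n))

def matches(ip, ace):
    """Bits not set in the wildcard must equal the ACE address."""
    addr, wild = ace
    return (ip ^ addr) & ~wild & FULL == 0

def aggregate(aces):
    """Bit method: any bit that differs between entries becomes a wildcard bit."""
    base, wild = aces[0][0], 0
    for addr, w in aces:
        wild |= (addr ^ base) | w
    return base & ~wild & FULL, wild

def shortcut(aces):
    """Subtraction method: highest minus lowest, OR'd with the entries' own wildcard."""
    lo, hi = min(a for a, _ in aces), max(a for a, _ in aces)
    return lo, (hi - lo) | aces[0][1]

def extra_permits(aces, agg):
    """Addresses the single statement permits that no original entry did."""
    base, wild = agg[0] & ~agg[1] & FULL, agg[1]
    extra, sub = [], wild
    while True:  # walk every combination of the wildcard bits
        ip = base | sub
        if not any(matches(ip, a) for a in aces):
            extra.append(ip)
        if sub == 0:
            return extra
        sub = (sub - 1) & wild

def missed(aces, agg):
    """Original networks the single statement no longer matches."""
    return [dotted(a) for a, _ in aces if not matches(a, agg)]

# The thread's four entries, then a constructed set (.17-.20) that straddles a 4-block.
thread = [parse_ace(f"access-list 1 permit 172.32.{n}.0 0.0.0.255") for n in (16, 17, 18, 19)]
shifted = [parse_ace(f"access-list 1 permit 172.32.{n}.0 0.0.0.255") for n in (17, 18, 19, 20)]
for aces in (thread, shifted):
    for agg in (aggregate(aces), shortcut(aces)):
        print(dotted(agg[0]), dotted(agg[1]), len(extra_permits(aces, agg)), missed(aces, agg))
```

For the thread's entries both methods give 172.32.16.0 0.0.3.255 with nothing extra and nothing missed; for the constructed .17-.20 set no single statement is exact, so the four entries have to stay separate or be split into aligned blocks.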
     
  16. laup

    laup Byte Poster

    why ain't stuff ever explained that simple
     
    Certifications: IC3,A+, N+, 70-270, CCNA
    WIP: CCDA/Job :>
  17. Headache

    Headache Gigabyte Poster

    Holy Cow !

    Well, if this is true, then MuckyFingers is a genius !

    Have a couple of reputation points on me.

    And a .....

    Big Welcome

    .. to the forum.
     
    Certifications: CCNA
    WIP: CCNP
  18. muckyfingers

    muckyfingers New Member

    tah very much!
    it took me hours of searching (pre cert forums member) before I came across this method and it has been great ever since!
    I have really still only scratched the surface of ACLs as I am currently on sem 3 of CCNA.
     
  19. laup

    laup Byte Poster

    Damn. Seems u have them sussed. I'm the same as Headache, I just this second scraped through semester 4 final exam with a 71.2%.

    It's funny how much u forget in such lil time though. I've been off from studying for 2 weeks with man flu and it didn't do me any favours

    ps watch out for semester 4, it's a bastard :>
     
    Certifications: IC3,A+, N+, 70-270, CCNA
    WIP: CCDA/Job :>
  20. NetEyeBall

    NetEyeBall Kilobyte Poster

    In the companion guide there is a really good chapter. I think it was in the router and routing basics guide to the Academy. I swear...read the chapter and it will make sense. Good stuff.
     
    Certifications: CCNA, A+, N+, MCSE 4.0, CCA
    WIP: CCDA, CCNP, Cisco Firewall
