
CCNA2 - Accesslist question

Discussion in 'General Cisco Certifications' started by vincent85, Jun 22, 2006.

  1. vincent85

    vincent85 New Member

    Manager Hosts (Upper half) : 148.10.9.128 ~ 148.10.9.254 (Usable)
    Production Hosts(Lower Half): 148.10.9.1 ~ 148.10.9.127 (Usable)
    Subnet Mask : 255.255.255.0 /24
    Wildcards: 0.0.0.255

    Manager Hosts can access all of network 209.0.0.0/24, all protocols. Production Hosts can ONLY access 209.0.0.254. Deny any others ...
    -1-
    access-list 100 permit ip 148.10.9.0 0.0.0.127 host 209.0.0.254
    access-list 100 deny ip 148.10.9.0 0.0.0.127 209.0.0.0 0.0.0.255
    access-list 100 permit ip 148.10.9.128 0.0.0.127 209.0.0.0 0.0.0.255
    access-list 100 deny ip any 209.0.0.0 0.0.0.255

    -->
    Or
    -2-
    access-list 100 permit ip 148.10.9.0 0.0.0.127 host 209.0.0.254
    access-list 100 permit ip 148.10.9.128 0.0.0.127 209.0.0.0 0.0.0.255
    access-list 100 deny ip any 209.0.0.0 0.0.0.255

    -->

    Which one is correct, and why?


    Finally, thank you for your time.
     
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    Before I even attempt to answer your question can I ask why you need to know the answer?

    I mean it's one thing to help someone out, it's another to do their work for them. 8)
     
  3. vincent85

    vincent85 New Member

    OK, the first one (1) is what I wrote in my exam.
    The second (2) is from my friend.

    (This is the second exam and if one of those or both are incorrect, that means we are going to fail the exam :cry: )
    I hope you understand the situation.
    Thanks
     
  4. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    I personally would go for option 2, but I'm not actually sure why at the moment. Once I can remember how wildcard masks are worked out and I can get to look at my Cisco books I may differ, but for now, for some reason, Option Two looks the better list. :rolleyes:
     
  5. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    Question - Where does the 0.0.0.127 come from?

    Can't seem to get where it comes from? :unsure
     
  6. r.h.lee

    r.h.lee Gigabyte Poster

    vincent85,

    Can I ask specifically what kind of exam? The Cisco CCNA exam? Some academic class exam? Other?
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  7. r.h.lee

    r.h.lee Gigabyte Poster

    vincent85,

    Questions:
    1) What is the physical topology of this network?
    2) Is this a "router on a stick" configuration?
    3) What is 209.0.0.254? the router interface or a host?
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  8. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    Both access lists work. Which one is better depends on what you intend to do with the access list.

    Even just two lines is enough - e.g.:

    access-list 100 permit ip 148.10.9.0 0.0.0.127 host 209.0.0.254
    access-list 100 permit ip 148.10.9.128 0.0.0.127 209.0.0.0 0.0.0.255

    Access list 2 is better in that it is shorter, and shorter access lists are easier to understand and a bit faster for the router to process, although in this case that won't make much difference.

    But access list 1 could be useful in cases where you want to see if any of the production hosts are trying to access hosts they shouldn't, as you will see hits against the 2nd line -

    access-list 100 deny ip 148.10.9.0 0.0.0.127 209.0.0.0 0.0.0.255

    You could also log the lines of interest so that you can find out what is happening. Very handy, logging access list lines is a great tool.

    So either would work; it is a question of whether you want a shorter, faster access list or an access list that will show if production hosts are trying to access hosts they shouldn't. In the context of a CCNA exam I would pick list 2, but read the question carefully in case there is extra information about what the access list is supposed to do.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
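
Added example, not part of any post in this thread: a small first-match evaluator for the two lists posted above, showing where 0.0.0.127 comes from, that both lists give the same permit/deny verdicts, and which line takes the hit for a blocked production host. It models only `ip` entries with wildcard, `host` and `any` operands; the destinations 209.0.0.10 and 10.1.1.1 are constructed sample addresses.

```python
import ipaddress

LIST1 = [  # list -1- from the thread
    "access-list 100 permit ip 148.10.9.0 0.0.0.127 host 209.0.0.254",
    "access-list 100 deny ip 148.10.9.0 0.0.0.127 209.0.0.0 0.0.0.255",
    "access-list 100 permit ip 148.10.9.128 0.0.0.127 209.0.0.0 0.0.0.255",
    "access-list 100 deny ip any 209.0.0.0 0.0.0.255",
]
LIST2 = [LIST1[0], LIST1[2], LIST1[3]]  # list -2- from the thread

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard(cidr):
    """Wildcard mask for a prefix = inverted subnet mask (/25 -> 0.0.0.127)."""
    return str(ipaddress.ip_network(cidr).hostmask)

def parse(line):
    """'access-list N permit|deny ip <src> <dst>' -> (action, src_spec, dst_spec)."""
    tok = line.split()
    action, rest, specs = tok[2], tok[4:], []
    while rest:
        if rest[0] == "any":
            specs.append((0, 0xFFFFFFFF)); rest = rest[1:]
        elif rest[0] == "host":
            specs.append((ip(rest[1]), 0)); rest = rest[2:]
        else:
            specs.append((ip(rest[0]), ip(rest[1]))); rest = rest[2:]
    return action, specs[0], specs[1]

def matches(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard 1-bits are ignored, 0-bits must match
    return (addr & care) == (base & care)

def evaluate(acl, src, dst):
    """First match wins; returns (action, line number), line 0 = implicit deny."""
    for n, line in enumerate(acl, 1):
        action, s, d = parse(line)
        if matches(ip(src), s) and matches(ip(dst), d):
            return action, n
    return "deny", 0

def same_verdicts(a, b):
    """Compare permit/deny for every source host against three destinations."""
    dsts = ("209.0.0.254", "209.0.0.10", "10.1.1.1")  # last two are constructed
    return all(evaluate(a, f"148.10.9.{h}", d)[0] == evaluate(b, f"148.10.9.{h}", d)[0]
               for h in range(256) for d in dsts)

if __name__ == "__main__":
    print(wildcard("148.10.9.0/25"), same_verdicts(LIST1, LIST2))
    print(evaluate(LIST1, "148.10.9.50", "209.0.0.10"),
          evaluate(LIST2, "148.10.9.50", "209.0.0.10"))
```

The verdicts are identical, but the matching line differs: in list 1 the blocked production host hits the source-specific deny on line 2, while in list 2 it falls through to the generic `deny ip any` entry.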
