ACL help

Dec 12th, 2008

I have the IP addresses 200.1.1.0, 200.1.3.0, 200.1.5.0, and 200.1.7.0.


If I create an ACL with ip 200.1.1.0 0.0.6.255


Will this only allow the ODD IP addresses through?


If so, can someone explain this to me in binary, because I'm having trouble explaining it to my students.

jgreenwoodii Fri, 12/12/2008 - 11:06

No, that wouldn't work. If you want to allow only the odd subnets, try:


permit 0.0.0.0 255.255.254.255


HTH


Jonathan

Richard Burts Fri, 12/12/2008 - 11:12
Chris


Yes, that address and mask will allow just the 4 odd addresses that you list. To understand it you need to focus on the third octet of the address and of the mask. So lay out in binary:

address of third octet (1) in binary 00000001

mask of third octet (6) in binary 00000110


Remember that in the mask a 0 means the bit must match and a 1 means that either 0 or 1 is accepted. So to be permitted the first 5 bits must be zero and the last bit must be 1. If you fill out the values you get these:

00000001 (=1)

00000011 (=3)

00000101 (=5)

00000111 (=7)


HTH


Rick

jgreenwoodii Fri, 12/12/2008 - 11:18

Ahh, I see the direction you're going. Maybe I misunderstood the question. Dope!


Jonathan

jgreenwoodii Fri, 12/12/2008 - 11:15

I didn't read your question all the way. But your wildcard mask is not correct. It should be a /21:


200.1.1.0 0.0.7.255


and it will allow these subnets through:


200.1.1.0

200.1.2.0

200.1.3.0

200.1.4.0

200.1.5.0

200.1.6.0

200.1.7.0


HTH


Jonathan


Richard Burts Fri, 12/12/2008 - 11:30

Jonathan


There is a bit of ambiguity in the question and you and I are interpreting it a bit differently. Your first answer would allow every address that was an odd value in the third octet (and pretty clearly not what the question was about). This answer would allow every address in 200.1.x.x where the value of the third octet was odd.


I interpret it a bit differently. I am not sure that Chris wants every odd subnet. I believe that he wants only the odd subnets of 1, 3, 5, and 7. And his mask of 0.0.6.255 will accomplish that.


Perhaps Chris can clarify what he is looking for.


HTH


Rick

jgreenwoodii Fri, 12/12/2008 - 11:36

Hey Rick, I agree with you after reading his post again. I clearly just glanced over it without understanding his question ;)


Jonathan
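
Added example, not part of any post in this thread: a small Python check of the wildcard-mask rule Rick describes (a 0 bit must match, a 1 bit is ignored), listing which 200.1.n.0 subnets the entries 200.1.1.0 0.0.6.255 and 200.1.1.0 0.0.7.255 match. The function names are illustrative, and the code models only the address comparison, not a router's full ACL processing.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(candidate, base, wildcard):
    """True if candidate equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF  # 1 = this bit must match
    return (to_int(candidate) & care) == (to_int(base) & care)


def matched_third_octets(base, wildcard):
    """Third-octet values n for which 200.1.n.0 is matched by the entry."""
    return [n for n in range(256)
            if wildcard_match(f"200.1.{n}.0", base, wildcard)]


def octet_pattern(base, wildcard, octet=3):
    """Render one octet as bits: fixed bits as 0/1, wildcard bits as 'x'."""
    shift = 8 * (4 - octet)
    b = (to_int(base) >> shift) & 0xFF
    w = (to_int(wildcard) >> shift) & 0xFF
    return "".join("x" if (w >> i) & 1 else str((b >> i) & 1)
                   for i in range(7, -1, -1))


if __name__ == "__main__":
    # The two wildcard masks discussed in the thread, applied to 200.1.1.0.
    for wc in ("0.0.6.255", "0.0.7.255"):
        print(f"200.1.1.0 {wc}: third octet {octet_pattern('200.1.1.0', wc)}"
              f" -> {matched_third_octets('200.1.1.0', wc)}")
    # Host addresses: the fourth octet is fully wildcarded by .255.
    for host in ("200.1.5.77", "200.1.2.1", "200.1.9.1"):
        print(host, wildcard_match(host, "200.1.1.0", "0.0.6.255"))
```

With 0.0.6.255 the third octet must fit the pattern 00000xx1; with 0.0.7.255 the pattern is 00000xxx, so the low bit of the base address no longer matters.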
