ACL help

Unanswered Question
Dec 12th, 2008

I have the ip addresses,, and,

If I create an ACL with ip

Will this only allow the ODD ip addresses through?

If so, can someone explain this to me in binary, bc Im having trouble explaining it to my students.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jgreenwoodii Fri, 12/12/2008 - 11:06

No that wouldn't work. If you want to only allow only the odd subnets try:




Richard Burts Fri, 12/12/2008 - 11:12


Yes that address and mask will allow just the 4 odd addresses that you list. To understand it you need to focus on the third octet of the address and of the mask. So lay out in binary:

address of third octet (1) in binary 00000001

mask of third octet (6) in binary 00000110

Remember that in the mask a 0 means the bit must match and a 1 means that either 0 or 1 is accepted. So to be permitted the first 5 bits must be zero and the last bit must be 1. If you fill out the values you get these:


00000011 (=3)

00000101 (=5)

00000111 (=7)



jgreenwoodii Fri, 12/12/2008 - 11:18

Ahh I see the direction your going. Maybe I misunderstood the question. Dope!


jgreenwoodii Fri, 12/12/2008 - 11:15

I didn't read your question all the way. But your wildcard mask is not correct. It should be a /21:

and it will allow these subnets through:



Richard Burts Fri, 12/12/2008 - 11:30


There is a bit of ambiguity in the question and you and I are interpreting it a bit differently. Your first answer would allow every address that was an odd value in the third octet (and pretty clearly not what the question was about). This answer would allow every address in 200.1.x.x where the value of the third octet was odd.

I interpret it a bit differently. I am not sure that Chris wants every odd subnet. I believe that he wants only the odd subnets of 1, 3, 5, and 7. And his mask of will accomplish that.

Perhaps Chris can clarify what he is looking for.



jgreenwoodii Fri, 12/12/2008 - 11:36

Hey Rick I agree with you after reading his post again, I clearly just glanced over it without understanding his question ;)



This Discussion