cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
389
Views
3
Helpful
4
Replies

Basic subnetting question has me stumped

hfakoor222
Spotlight
Spotlight

Question in Book:

The following ACE is typed into configuration mode on a router: access-list 1 permit
10.44.38.0 0.0.3.255. If this statement had instead used a different mask, with nothing else
changed, which of the following choices for mask would result in a match for source IP address
10.44.40.18?
a. 0.0.1.255
b. 0.0.5.255
c. 0.0.7.255
d. 0.0.15.255

 

I answered B.  Book says it is D.

 

To me B seems obvious that it covers both .38 and .40:

To go from 38 to 40 the 2^5 seems to cover it...   unless it's implying that it needs to match all 8 bits?? (See below)

10.44.38.0 in binary:

00001010.00101100.00100110.00000000

10.44.40.18 in binary:

00001010.00101100.00101000.00010010

 

 

Someone shed some light onto this?

1 Accepted Solution

Accepted Solutions

indra7867
Cisco Employee
Cisco Employee

Hi, I think The trick is to understand what is valid subnet and then go for wildcard mask for it. 
So, 
access-list 1 permit 10.44.38.0 0.0.3.255 <<< This is talking of /22 network, so pair is  0-3,4-7,8-11,...,36--39 ,40--43>>>

so 10.44.40.18 will be out of range for /22 , as 3rd octed .38. and .40. will not be in same subnet.

 

access-list 1 permit 10.44.38.0 0.0.5.255 <<This seems to be invalid mask,You cannot  use 255.255.250.0 >>

access-list 1 permit 10.44.38.0 0.0.7.255 <</21, So valid pairs of subnet are 0-7,32--39,40--47,Hence this is not included>>

Hence option D is correct answer as  0.0.15.255 - cover  0-15,16--31 ,32 - 47  so, 3rd octet is covered in  option D

 



 

 

View solution in original post

4 Replies 4

indra7867
Cisco Employee
Cisco Employee

Hi, I think The trick is to understand what is valid subnet and then go for wildcard mask for it. 
So, 
access-list 1 permit 10.44.38.0 0.0.3.255 <<< This is talking of /22 network, so pair is  0-3,4-7,8-11,...,36--39 ,40--43>>>

so 10.44.40.18 will be out of range for /22 , as 3rd octed .38. and .40. will not be in same subnet.

 

access-list 1 permit 10.44.38.0 0.0.5.255 <<This seems to be invalid mask,You cannot  use 255.255.250.0 >>

access-list 1 permit 10.44.38.0 0.0.7.255 <</21, So valid pairs of subnet are 0-7,32--39,40--47,Hence this is not included>>

Hence option D is correct answer as  0.0.15.255 - cover  0-15,16--31 ,32 - 47  so, 3rd octet is covered in  option D

 



 

 

"The trick is to understand what is valid subnet and then go for wildcard mask for it."

Although ACE masks often are most used to match prefixes, they don't have to, which this question doesn't actually require.

"0.0.5.255 <<This seems to be invalid mask"

Actually it's a valid mask, just not correct for the question.

The question was to match a specific IP, not a subnet that encompasses that IP.

Joseph W. Doherty
Hall of Fame
Hall of Fame

Answer D is correct.  BTW, it's not the only mask that would work.

The purpose of a mask is to make the two bit configurations alike.

Compare your two binary values, what bits must be changed to make them alike.

Also try a mask of 0.0.14.255.

Joseph W. Doherty
Hall of Fame
Hall of Fame

Perhaps this will help.

10.44.38.0 in binary: 00001010.00101100.00100110.00000000
10.44.40.18 in binary:00001010.00101100.00101000.00010010
differences:                                ^^^     ^  ^
you need a mask to eliminate the differences
the minimum mask:     00000000.00000000.00001110.00010010 or 0.0.14.18
or the D answer mask: 00000000.00000000.00001111.11111111 or 0.0.15.255
answers A, B and C don't handle all the correct bits in the 3rd octet

Review Cisco Networking for a $25 gift card