04-08-2024 12:23 AM - last edited on 04-08-2024 02:42 AM by shazubai
Question in Book:
The following ACE is typed into configuration mode on a router: access-list 1 permit
10.44.38.0 0.0.3.255. If this statement had instead used a different mask, with nothing else
changed, which of the following choices for mask would result in a match for source IP address
10.44.40.18?
a. 0.0.1.255
b. 0.0.5.255
c. 0.0.7.255
d. 0.0.15.255
I answered B. Book says it is D.
To me B seems obvious that it covers both .38 and .40:
To go from 38 to 40 the 2^5 seems to cover it... unless it's implying that it needs to match all 8 bits?? (See below)
10.44.38.0 in binary:
00001010.00101100.00100110.00000000
10.44.40.18 in binary:
00001010.00101100.00101000.00010010
Someone shed some light onto this?
Solved! Go to Solution.
04-08-2024 02:36 AM - edited 04-08-2024 02:38 AM
Hi, I think The trick is to understand what is valid subnet and then go for wildcard mask for it.
So,
access-list 1 permit 10.44.38.0 0.0.3.255 <<< This is talking of /22 network, so pair is 0-3,4-7,8-11,...,36--39 ,40--43>>>
so 10.44.40.18 will be out of range for /22 , as 3rd octed .38. and .40. will not be in same subnet.
access-list 1 permit 10.44.38.0 0.0.5.255 <<This seems to be invalid mask,You cannot use 255.255.250.0 >>
access-list 1 permit 10.44.38.0 0.0.7.255 <</21, So valid pairs of subnet are 0-7,32--39,40--47,Hence this is not included>>
Hence option D is correct answer as 0.0.15.255 - cover 0-15,16--31 ,32 - 47 so, 3rd octet is covered in option D
04-08-2024 02:36 AM - edited 04-08-2024 02:38 AM
Hi, I think The trick is to understand what is valid subnet and then go for wildcard mask for it.
So,
access-list 1 permit 10.44.38.0 0.0.3.255 <<< This is talking of /22 network, so pair is 0-3,4-7,8-11,...,36--39 ,40--43>>>
so 10.44.40.18 will be out of range for /22 , as 3rd octed .38. and .40. will not be in same subnet.
access-list 1 permit 10.44.38.0 0.0.5.255 <<This seems to be invalid mask,You cannot use 255.255.250.0 >>
access-list 1 permit 10.44.38.0 0.0.7.255 <</21, So valid pairs of subnet are 0-7,32--39,40--47,Hence this is not included>>
Hence option D is correct answer as 0.0.15.255 - cover 0-15,16--31 ,32 - 47 so, 3rd octet is covered in option D
04-08-2024 04:59 AM
"The trick is to understand what is valid subnet and then go for wildcard mask for it."
Although ACE masks often are most used to match prefixes, they don't have to, which this question doesn't actually require.
"0.0.5.255 <<This seems to be invalid mask"
Actually it's a valid mask, just not correct for the question.
The question was to match a specific IP, not a subnet that encompasses that IP.
04-08-2024 04:16 AM - edited 04-08-2024 04:47 AM
Answer D is correct. BTW, it's not the only mask that would work.
The purpose of a mask is to make the two bit configurations alike.
Compare your two binary values, what bits must be changed to make them alike.
Also try a mask of 0.0.14.255.
04-08-2024 12:40 PM - edited 04-08-2024 12:42 PM
Perhaps this will help.
10.44.38.0 in binary: 00001010.00101100.00100110.00000000
10.44.40.18 in binary:00001010.00101100.00101000.00010010
differences: ^^^ ^ ^
you need a mask to eliminate the differences
the minimum mask: 00000000.00000000.00001110.00010010 or 0.0.14.18
or the D answer mask: 00000000.00000000.00001111.11111111 or 0.0.15.255
answers A, B and C don't handle all the correct bits in the 3rd octet
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide