01-15-2021 08:27 AM
Hello everyone
First, sorry if the word isn't "summarization". I think so but if it's called something else, excuse me and correct me, please...
I have a question in my head for days and I need someone to explain why...
This is a question that I have seen on a networking website and I don't understand the answer:
access-list 107 deny tcp 207.16.12.0 0.0.3.255 any eq http
access-list 107 permit ip any any
The exercise gives you 5 possible IPs and you have to determine which two IPs would be denied:
207.16.32.14 http(application)
207.16.15.9 23(port)
207.16.16.14 53(port)
207.16.14.7 80(port)
207.16.13.14 http(application)
Mask is 255.255.252.0 and I know that to solve the doubt, I have to look at the third octet of the wildcard, "252", which is the octet that will determine the range of IPs denied or not.
I also know that I have to convert that number to binary, which is 11111100, that leaves "00" for the calculation and this is where the doubt comes:
00 can be:
00=0
01=1
10=2
11=3
So why are the last two of those five IPs, with 14 and 13 in the third octet, denied by that ACL? (207.16.14.7 80(port) and 207.16.13.14 http(application)).
I would like to understand the answer because honestly, I don't understand it... Thanks and regards
01-15-2021 10:39 AM
Summarization is not a bad term to describe what is going on but aggregation is probably a better term.
You are on the right track, but have a detail not right. You are right that 252 mask leaves you 00 and that indicates
0
1
2
3
but you need to remember that the subnet does not start at 0 but starts at 12. So the results in the access list would actually match
12
13
14
15
If you look at the possible answers
207.16.32.14 http(application) is not right because 32 is outside the range
207.16.15.9 23(port) is not right. 15 is in the range but port 23 does not match the acl
207.16.16.14 53(port) is not right because 16 is outside the range
207.16.14.7 80(port) is a right choice. 14 is in the range and the port matches the acl
207.16.13.14 http(application) is a right choice. 13 is in the range and the application matches the acl
I hope this helps you to understand it better.
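The matching walked through in the answer above, as an added example that is not part of the original thread: a small evaluator that applies the wildcard mask bit by bit to the ACL's base address and then checks the port, with first match winning. It parses only the syntax these two lines use; treating every candidate as TCP and "http" as port 80 are assumptions.

```python
import ipaddress

# ACL 107 exactly as posted in the question.
ACL_107 = """\
access-list 107 deny tcp 207.16.12.0 0.0.3.255 any eq http
access-list 107 permit ip any any
"""
PORT_NAMES = {"http": 80}  # the only port keyword this ACL uses

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse the subset of extended-ACL syntax used above (not a full IOS parser)."""
    tok = line.split()[2:]                  # drop "access-list 107"
    action, proto, tok = tok[0], tok[1], tok[2:]
    if tok[0] == "any":                     # any = every source bit ignored
        base, wild, tok = 0, 0xFFFFFFFF, tok[1:]
    else:
        base, wild, tok = to_int(tok[0]), to_int(tok[1]), tok[2:]
    tok = tok[1:]                           # destination "any" (only form handled)
    port = None
    if tok[:1] == ["eq"]:
        port = PORT_NAMES.get(tok[1]) or int(tok[1])
    return action, proto, base, wild, port

def source_matches(src, base, wild):
    # Wildcard bit 0: must equal the ACE address. Wildcard bit 1: ignored.
    care = ~wild & 0xFFFFFFFF
    return (to_int(src) & care) == (base & care)

def evaluate(acl_text, src, proto, dport):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for line in acl_text.strip().splitlines():
        action, ace_proto, base, wild, port = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if not source_matches(src, base, wild):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"

# The five candidates from the exercise (assumed TCP, http = 80).
CANDIDATES = [("207.16.32.14", 80), ("207.16.15.9", 23), ("207.16.16.14", 53),
              ("207.16.14.7", 80), ("207.16.13.14", 80)]

def denied_sources():
    return [s for s, p in CANDIDATES if evaluate(ACL_107, s, "tcp", p) == "deny"]

if __name__ == "__main__":
    for s, p in CANDIDATES:
        print(s, p, evaluate(ACL_107, s, "tcp", p))
```

207.16.15.9 matches the source range of the first line but not its port, so it falls through to the permit line; that fall-through is why the order of entries in an ACL matters.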
01-15-2021 10:52 AM
Some of the concepts in using access lists take some getting used to, especially how the wildcard masks are used to match IP addresses. I am glad that my explanation was helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
01-15-2021 11:08 AM
It's the least I have to do, accept the solution !!!
The explanation has been impeccable and I appreciate it
The truth is, since I am not an expert, I will go in more to ask than to help.
Again, thank you so much Richard
01-15-2021 01:50 PM
You are welcome. At this point you are not an expert and you will mostly ask questions. Over time as you learn more and more about networking I believe that you will also be able to offer help to others.
01-16-2021 03:13 AM
I hope so !!
01-15-2021 10:52 AM
Hi, do you want me to confess something to you??? I had not looked at the third octet of the IP in the ACL, I had only focused on the mask !!!!
That's why I didn't understand where 12, 13, 14 and 15 came from !! Buffffffff
Of course you have helped me to understand it, a lot
Regards.
01-15-2021 11:05 AM
Sometimes it is good to confess things. It is interesting that you had focused on the mask and not on the third octet of the address. So now you have learned an important lesson.
Good luck as you continue to learn about networking.
01-16-2021 03:17 AM
And so much !! Next time that I see a scenario / exercise like this, it will be the first thing I look at, the octet involved of the IP in question xD. Thanks again