03-07-2007 09:39 PM - edited 03-05-2019 02:46 PM
You want to deny access to all hosts that lie within the range 192.168.160.0/24-192.168.191.0/24.
Hosts in the 192.168.195.0/24 should be granted full access.
If I need to write this access-list, can you help me determine the inverse subnet mask for this? I am terrible at this type of exercise!
I would do
access-list 10 deny 192.168.?.? 0.0.?.255
But I can't figure out the rationale behind how
to include .160.0 and 191.0 but exclude
.195.0.
I wrote the following 3rd and 4th octet in binary:
.160.0 = 10100000.0000000
.191.0 = 10111111.0000000
Then the mask /24 at 3rd and 4th octet:
= 11111111.0000000
I know that "1" is don't care. "0" is match exactly.
How can I proceed from here?
Solved! Go to Solution.
03-07-2007 10:02 PM
Marlon,
You have done the hard part with this:
.160.0 = 10100000.0000000
.191.0 = 10111111.0000000
Note that both bit patterns match as far as the 160 (101), and if the rest of the bits in the 3rd octet are ones you have 191 which is the top of your range. So if your mask is all 1s(don't care) from that point you would match 192.168.160.0 through 192.168.191.255.
access-list 10 deny 192.168.160.0 0.0.31.255
Note that adding the inverse mask to the address will show you the upper address in the range:
192.168.160.000
000.000.031.255
---------------
192.168.191.255
This is a quick double check on your mask.
Please rate helpful posts.
Dave
03-07-2007 10:02 PM
Marlon,
You have done the hard part with this:
.160.0 = 10100000.0000000
.191.0 = 10111111.0000000
Note that both bit patterns match as far as the 160 (101), and if the rest of the bits in the 3rd octet are ones you have 191 which is the top of your range. So if your mask is all 1s(don't care) from that point you would match 192.168.160.0 through 192.168.191.255.
access-list 10 deny 192.168.160.0 0.0.31.255
Note that adding the inverse mask to the address will show you the upper address in the range:
192.168.160.000
000.000.031.255
---------------
192.168.191.255
This is a quick double check on your mask.
Please rate helpful posts.
Dave
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide