silly ACL question

Hello. I've taken several polylab and about every time failed the same task. So there is question:

why "...groups in the ranges 239.0.0.0/16, 239.2.0.0/16, 239.4.0.0/16, and 239.6.0.0/16 ..." covered in solution by the following ACL:

access-list 22 permit 239.0.0.0 0.4.255.255

 

?

Comments

  • Hi,

    Can you please write  a bit more on the problem? From my point of view if you are trying to group the range 239.0.0.0/16 and 239.2.0.0/16 it is not possible as they are not contiguous. On the other hand if they would have been contiguous like 239.0.0.0/16, 239.1.0.0/16, 239.2.0.0/16 and 239.3.0.0/16 the solution they have provided is wrong. As in a wildcard mask you cannot put an even number. In a wildcard mask you are negeting the subnet mask(which is always even at the last octet) from 255.255.255.255 will provide you with an odd number. A more detail on the question part might bring you some more good solution.

  • You can match all four prefixes with a single ACL.  I've computed a different wildcard mask than the one you were provided though...

    Take the given networks and break the second octet of each into binary notation, you will see the bit variations are between the second and third bits from the right.

    239.0.0.0/16
    239.2.0.0/16
    239.4.0.0/16
    239.6.0.0/16


    0 = 00000000
    2 = 00000010
    4 = 00000100
    6 = 00000110
    ----------------
    m = 00000110 -> Binary significance of the wildcard mask for the second octet.

    Now convert m to decimal, which in this case would be six (6).  This will be your wildcard mask.  So in your particular example, I think an accurate single line ACL should look like this:

    access-list 22 permit 239.0.0.0 0.6.255.255

    HTH,
    Jeff

  • Exactly, Jeff! So there is error in solution and I've just to keep the patience about it?

Sign In or Register to comment.