Posted - Mar 18 2001 : 8:11:27 PM
this is a question from a boson sample test that i think is worth working through and understanding...
the explanation gives a shortcut for obtaining the correct answer, but this is a good one to figure out why the answer is correct and be able to explain it. a good understanding of subnetting makes this very easy. here is the question:
What should be the first command to create an access-list that prevents all users on subnetwork 10.10.128.0, using subnet mask 255.255.192.0, from being able to telnet anywhere?
A.) access-list 101 deny tcp 10.10.128.0 0.0.192.255 any eq telnet
B.) access-list 101 deny tcp 10.10.128.0 255.255.0.0 any eq telnet
C.) access-list 101 deny tcp 10.10.128.0 255.255.192.0 any eq telnet
D.) access-list 101 deny tcp 10.10.128.0 0.0.63.255 any eq telnet
E.) access-list 101 deny tcp 10.10.128.0 0.0.127.255 any eq telnet
F.) access-list 101 deny tcp 10.10.128.0 0.0.128.255 any eq telnet
Wildcard masks for an entire subnet are easy to figure out (shortcut):
Local Broadcast - Subnet Mask = Inverted Wildcard Masks
0. 0. 63.255
nevermind the syntax of the CLI. pay attention to the subnet control and keep in mind a 0 means "must match exactly" and a 1 means wildcard in the subnet mask portion.
The material on this web site is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. CISCO® is a registered trademark of Cisco Systems, Inc.; CCNA™, CCDA™, CCNP™, CCDP™, CCIE™, CISCO CERTIFIED NETWORK ASSOCIATE™, CISCO CERTIFIED DESIGN ASSOCIATE™, CISCO CERTIFIED NETWORK PROFESSIONAL™, CISCO CERTIFIED DESIGN PROFESSIONAL™, CISCO CERTIFIED INTERNETWORK EXPERT™ are distinctive trademarks used by Cisco to describe its certifications and examinations in the United States and certain other countries. All other trademarks are trademarks of their respective owners.