Tweet
ACL với Odd, Even number subnet ???
Câu hỏi:
7. Design an IP access list that:
- permits TFTP traffic to TFTP servers that have host addresses
ending in even numbers,
- denies Telnet traffic to Telnet servers that have host addresses
ending in odd numbers,
- permit traffic to other Telnet servers, and
- denies all other IP traffic.
Apply your list inbound on interface E1.
Trả lời:
access-list 102 permit udp any 0.0.0.0 255.255.255.254 eq tftp
access-list 102 permit tcp any 0.0.0.0 255.255.255.254 eq telnet
interface e1
ip access-group 102 in
và phần giải thích về Odd-even number
Nhưng đọc nhiều lần vẫn chưa hiểu rõ về Odd-Even number là gì ? Mong mọi người giúp đỡ! Cảm ơn O:-)
7. Design an IP access list that:
- permits TFTP traffic to TFTP servers that have host addresses
ending in even numbers,
- denies Telnet traffic to Telnet servers that have host addresses
ending in odd numbers,
- permit traffic to other Telnet servers, and
- denies all other IP traffic.
Apply your list inbound on interface E1.
Trả lời:
access-list 102 permit udp any 0.0.0.0 255.255.255.254 eq tftp
access-list 102 permit tcp any 0.0.0.0 255.255.255.254 eq telnet
interface e1
ip access-group 102 in
và phần giải thích về Odd-even number
Third and more difficult example
This final example of wildcard masking is a bit tougher and requires examining two IP addresses to fully understand it. This first example illustrates an odd subnet.
IP address
Decimal 172.22.1.0
Binary 10101100.00010110.00000001.00000000
Wild card Mask
Decimal 0.0.254.255
Binary 00000000.00000000.11111110.11111111
This wildcard mask requires that the first two octets and the final bit position of the third octet match the IP address in the access list. The values in the last octet are not significant. Since the final bit positions in the third octet of the IP address in the access list are turned on (set to 1), all packets that the access list will permit or deny must have a 1 in the final bit position of the third octet.
In the above example, the first two octets must match exactly. Also, the final bit place in the third octet must match; it must be a 1! Therefore, an access list that states access-list 1 permit 172.22.1.0 0.0.254.255 will allow traffic from any odd-numbered subnet to pass. Even-numbered subnets are blocked because their last bit position in the third octet is a 0.
If you use a source of 172.22.1.0 and a wildcard mask of 0.0.254.255, any packet that the list will act upon must have a 1 in the least significant bit position of the third octet. If a packet with the IP address of 172.22.2.1 is examined by the access list in the previous paragraph, the router ignores it because the least significant bit of the third octet (see below) is a 0, not a 1. The next example shows why this is true.
Since the least significant bit positions do not match, any address within the subnet 172.22.2.0 is out of the required range of the access list and is thus discarded (or ignored, depending on the function of the access list).
IP Address
Decimal 172.22.2.1
Binary 10101100.00010110.00000010.00000001
Wildcard Mask
Binary 00000000.00000000.11111110.11111111
This wildcard mask requires that the first two octets and the final bit position of the third octet match the IP address in the access list. The values in the last octet are not significant. Since the final bit position in the third octet of the examined IP address and the IP address in the access list do not match (one is a 0 and the other is a 1), any line in an access list with a permit or deny 172.22.1.0 0.0.254.255 would not apply to the address 172.22.2.1. In fact, no even subnet could be affected because all even subnets would have a value of 0 in the last bit position of the third octet.
This final example of wildcard masking is a bit tougher and requires examining two IP addresses to fully understand it. This first example illustrates an odd subnet.
IP address
Decimal 172.22.1.0
Binary 10101100.00010110.00000001.00000000
Wild card Mask
Decimal 0.0.254.255
Binary 00000000.00000000.11111110.11111111
This wildcard mask requires that the first two octets and the final bit position of the third octet match the IP address in the access list. The values in the last octet are not significant. Since the final bit positions in the third octet of the IP address in the access list are turned on (set to 1), all packets that the access list will permit or deny must have a 1 in the final bit position of the third octet.
In the above example, the first two octets must match exactly. Also, the final bit place in the third octet must match; it must be a 1! Therefore, an access list that states access-list 1 permit 172.22.1.0 0.0.254.255 will allow traffic from any odd-numbered subnet to pass. Even-numbered subnets are blocked because their last bit position in the third octet is a 0.
If you use a source of 172.22.1.0 and a wildcard mask of 0.0.254.255, any packet that the list will act upon must have a 1 in the least significant bit position of the third octet. If a packet with the IP address of 172.22.2.1 is examined by the access list in the previous paragraph, the router ignores it because the least significant bit of the third octet (see below) is a 0, not a 1. The next example shows why this is true.
Since the least significant bit positions do not match, any address within the subnet 172.22.2.0 is out of the required range of the access list and is thus discarded (or ignored, depending on the function of the access list).
IP Address
Decimal 172.22.2.1
Binary 10101100.00010110.00000010.00000001
Wildcard Mask
Binary 00000000.00000000.11111110.11111111
This wildcard mask requires that the first two octets and the final bit position of the third octet match the IP address in the access list. The values in the last octet are not significant. Since the final bit position in the third octet of the examined IP address and the IP address in the access list do not match (one is a 0 and the other is a 1), any line in an access list with a permit or deny 172.22.1.0 0.0.254.255 would not apply to the address 172.22.2.1. In fact, no even subnet could be affected because all even subnets would have a value of 0 in the last bit position of the third octet.
Nhưng đọc nhiều lần vẫn chưa hiểu rõ về Odd-Even number là gì ? Mong mọi người giúp đỡ! Cảm ơn O:-)
Comment