Asked by tjie

Access List for Cisco # 2

Hi,

1) There is the following access list which I am still getting confused about (for some portion), and I do not have the "practice labs" to try it.
2) The information is as follows:
- The Host IP : 192.168.1.128/28
- The Server is 192.168.1.5
- The Goal : To block only Telnet access by the Host to the Server
- The Access list:
  i) access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23
  ii) access-list 101 permit ip any any

3) The thing that I do not understand: i) ...... 192.168.1.5 0.0.0.0 .....
4) My question: i) Why is it ....0.0.0.0? (Why NOT .....0.0.0.15?)
5) Any help?
6) Thank you

Tjie
"If you put 0.0.0.15 this access-list will deny any IP from range 192.168.1.0 - 128"

A single wildcard value that blocks 0-128 and allows the rest isn't possible, since the bit to make 128 is the eighth (1000 0000) and therefore would block the entire 0-255 range when put with the rest to block 0-127 (0111 1111).

.15, as the author wrote, is /28 and only matches 16 addresses.
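
An added example, not part of the original thread or any poster's reply: a small Python model of Cisco wildcard matching applied to access-list 101 from the question. It shows what the destination entry matches with 0.0.0.0 versus 0.0.0.15, and brute-forces whether one base/wildcard pair can cover exactly 0-128. The function names and the test packets are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: 0 bits must match, 1 bits are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# ACL 101 from the question: (action, proto, src, src_wc, dst, dst_wc, dst_port).
# "any" is written out as its equivalent 0.0.0.0 255.255.255.255.
ACL_101 = [
    ("deny", "tcp", "192.168.1.128", "0.0.0.15", "192.168.1.5", "0.0.0.0", 23),
    ("permit", "ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None),
]

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, p, s, swc, d, dwc, port in acl:
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return action
    return "deny"

def matched_last_octets(base_octet, wc_octet):
    """Last-octet values matched by one base/wildcard pair."""
    care = ~wc_octet & 0xFF
    return {o for o in range(256) if (o & care) == (base_octet & care)}

def single_entry_exists_for(target):
    """Brute force: can any one base/wildcard pair match exactly `target`?
    The base always matches itself, so only bases inside `target` are tried."""
    return any(matched_last_octets(b, w) == target
               for b in target for w in range(256))

if __name__ == "__main__":
    # Constructed test packets (not from the page).
    print(evaluate(ACL_101, "tcp", "192.168.1.130", "192.168.1.5", 23))
    print(evaluate(ACL_101, "tcp", "192.168.1.130", "192.168.1.6", 23))
    print(sorted(matched_last_octets(5, 0)))    # destination as written
    print(sorted(matched_last_octets(5, 15)))   # destination if 0.0.0.15 were used
    print(single_entry_exists_for(set(range(129))))
```
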