Scribd
Upload
66 views5 pages

Acl Examples With Odd - Even Half

The document discusses IP addressing and subnetting using both decimal and binary notation. It provides examples of IPv4 addresses and wildcard masks, and how they can be used to permit or deny ranges of IP addresses through access control lists.

Uploaded by

www.yuvan9580
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
66 views5 pages

Acl Examples With Odd - Even Half

The document discusses IP addressing and subnetting using both decimal and binary notation. It provides examples of IPv4 addresses and wildcard masks, and how they can be used to permit or deny ranges of IP addresses through access control lists.

Uploaded by

www.yuvan9580
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Decimal Binary

IPv4 address 192.168.16.0 11000000.10101000.00010000.00000000

00000000.00000000.00001111.11111111 (0 is match, 1 is Ignore)


Wildcard Mask 0.0.15.255
11000000.10101000.0001XXXX. XXXXXXXX

192.168.16.0/24 11000000.10101000.00010000.00000000
Permitted IPv4 Address to to
192.168.31.255/24 11000000.10101000.00011111.11111111

192.168.16.0 11000000.10101000.00010000.00000000

0.0.15.255 00000000.00000000.00001111.11111111
Permitted IPv4 11000000.10101000.0001XXXX.XXXXXXXX
Address

192.168.16.0 11000000.10101000.00010000.00000000 192.168.16.255 11000000.10101000.00010000.11111111


192.168.17.0 11000000.10101000.00010001.00000000 192.168.17.255 11000000.10101000.00010001.11111111
192.168.18.0 11000000.10101000.00010010.00000000 192.168.18.255 11000000.10101000.00010010.11111111
192.168.19.0 11000000.10101000.00010011.00000000 192.168.19.255 11000000.10101000.00010011.11111111
192.168.20.0 11000000.10101000.00010100.00000000 192.168.20.255 11000000.10101000.00010100.11111111
192.168.21.0 11000000.10101000.00010101.00000000 192.168.21.255 11000000.10101000.00010101.11111111
192.168.22.0 11000000.10101000.00010110.00000000 192.168.22.255 11000000.10101000.00010110.11111111
: : : :
: : : :
192.168.31.0 11000000.10101000.00011111.00000000 192.168.31.255 11000000.10101000.00011111.11111111
ODD numbered IP addresses ODD numbered IP addresses 192.168.30.1=11000000.10101000.00011110.00000001
access-list 1 permit 192.168.30.1 0.0.0.254 0.0.0.254 =00000000.00000000.00000000.11111110 (0 is match, 1 is Ignore)
IP address will be 192.168.30.1 ---------------------------------------------------
If it is 1, the IP address will be Odd 11000000.10101000. 00011110.xxxxxxx1
wild card mask as 0.0.0.254
192.168.30.00000001 = 192.168.30.1 – odd 11000000.10101000.00011110.xxxxxxx1 = 192.168.30.1
254 = 11111110 11000000.10101000.00011110.xxxxxx11 = 192.168.30.3
192.168.30.00000011 = 192.168.30.3 – odd 11000000.10101000.00011110.xxxxx101 = 192.168.30.5
11000000.10101000.00011110.xxxxx111 = 192.168.30.7
看尾号 even 你
11000000.10101000.00011110.xxxx1001 = 192.168.30.9
那个address最
:
后也是要even 11000000.10101000.00011110.11111111 = 192.168.30.255
odd 就是 odd

EVEN numbered IP addresses EVEN numbered IP addresses 192.168.30.0=11000000.10101000.00011110.00000000


access-list 1 permit 192.168.30.0 0.0.0.254 0.0.0.254 =00000000.00000000.00000000.11111110 (0 is match, 1 is Ignore)
IP address will be 192.168.30.0
If it is 0, the IP address will be Even ---------------------------------------------------
wild card mask as 0.0.0.254 11000000.10101000. 00011110.xxxxxxx0
192.168.30.00000010 = 192.168.30.2 even
254 = 11111110 11000000.10101000.00011110.xxxxxxx0 = 192.168.30.0
192.168.30.00000100 = 192.168.30.4 even 11000000.10101000.00011110.xxxxxx10 = 192.168.30.2
11000000.10101000.00011110.xxxxx100 = 192.168.30.4
Wlidcard mask 11000000.10101000.00011110.xxxxx110 = 192.168.30.6
always same 11000000.10101000.00011110.xxxx1000 = 192.168.30.8
0.0.0.254 in :
standard. 11000000.10101000.00011110.11111110 = 192.168.30.254

Subnet mask Wildcard mask


/24 = 255.255.255.0 255.255.255.255
255.255.255.0
--------------------------
0. 0. 0. 255
Access-list 125 deny ip 198.32.10.0 0.0.0.127 any 198.32.10.0 =
(This ACL would block the lower half of the subnet.)
0. 0. 0.127
--------------------
198.32.10.?

0 = 00000000
127= 01111111 (0 is match, 1 is Ignore)
-------------------------
0xxxxxxxx

00000000=0 198.32.10. 00000000 = 198.32.10.0


00000001=1 198.32.10. 00000001 = 198.32.10.1
00000010=2 198.32.10. 00000010 = 198.32.10.2
00000011=3 198.32.10. 00000011 = 198.32.10.3
00000100=4 198.32.10. 00000100 = 198.32.10.4
00000101=5 198.32.10. 00000101 = 198.32.10.5
wildcard mask is 00000111=6 198.32.10. 00000111 = 198.32.10.6
always the :
same 01111111=127 198.32.10. 01111111 = 198.32.10.127

Access-list 125 deny ip 198.32.10.128 0.0.0.127 any 198.32.10.128 =


(This ACL would block the upper half of the subnet.)
0. 0. 0.127
--------------------
198.32.10.?

128= 10000000
127= 01111111 (0 is match, 1 is Ignore)
-------------------------
1xxxxxxxx 198.32.10. 10000000 = 198.32.10.128
198.32.10. 10000001 = 198.32.10.129
10000000=128 198.32.10. 10000010 = 198.32.10.130
10000001=129 198.32.10. 10000011 = 198.32.10.131
10000010=130 198.32.10. 10000100 = 198.32.10.132
10000011=131 198.32.10. 10000101 = 198.32.10.133
10000100=132 198.32.10. 10000111 = 198.32.10.134
10000101=133 :
10000111=134 198.32.10. 11111111 = 198.32.10.255
:
11111111=255
ACL

EXTENDED ACL
STANDARD ACL
1. source address, destination address (L3)
1. source addresses (L3 of OSI model)
protocol, application / port number (L4)
2. Apply close to Destination
2. Apply close to Source

Numbered
Named Numbered Named

ip access-list standard GEORGE ip access-list extended GRACIE


deny host 192.168.90.36 deny tcp any host 192.168.207.27 eq www
permit any permit tcp any 192.168.207.0 0.0.0.255 eq www
1 to 99 100 to 199 deny ip any any
interface gig0/1 interface gig0/1
1300 to 1999 ip access-group GEORGE out 2000 to 2699 ip access-group GRACIE in

access-list 1 permit 192.168.90.36 0.0.0.0 access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.12 0.0.0.0
or access-list 178 deny tcp host 192.168.90.36 host 192.175.63.12 eq 23
access-list 78 deny host 192.168.90.36
access-list 1 deny any
STANDARD ACL EXTENDED ACL
0. STANDARD Numbered ACL 1. EXTENDED Numbered ACL
access-list 1 permit 192.168.90.36 0.0.0.0 access-list 125 permit ip 192.168.90.36 0.0.0.0 192.175.63.12 0.0.0.0

access-list 78 deny host 192.168.90.36 access-list 178 deny tcp host 192.168.90.36 host 192.175.63.12 eq 23

NOTE: port 23 = telnet

1. STANDARD Named ACL 2. EXTENDED Named ACL


ip access-list standard GEORGE ip access-list extended GRACIE
deny host 192.168.90.36 deny tcp any host 192.168.207.27 eq www
permit any permit tcp any 192.168.207.0 0.0.0.255 eq www

interface gig0/1 interface gig0/1


ip access-group GEORGE out ip access-group GRACIE in

You might also like