Monday 22 April 2013

Wisdom of an access-list

We will observe that access-list 1 permit 192.168.1.1 0.0.0.255 has the same meaning as access-list 1 permit 192.168.1.253 0.0.0.255. You can see that both of these access-lists permit any traffic generated by the hosts 192.168.1.1 - 192.168.1.255, but then why don't we just write it as access-list 1 permit 192.168.1.0 0.0.0.255?

Or maybe those 3 access-lists all have the same meaning?

The answer is yes, they all have the same meaning:
access-list 1 permit 192.168.1.1 0.0.0.255, and
access-list 1 permit 192.168.1.253 0.0.0.255, and
access-list 1 permit 192.168.1.0 0.0.0.255
all mean the same thing.

Later, I will show that there are not only 3 access-list variations we can build to block these addresses (192.168.1.1 - 192.168.1.255) but many.

How can that be? Well, an access-list match is just an OR operation between the IP part, the wildcard mask, and the address of an IP packet.

Any IP packet whose layer 3 source address, OR-ed with (IP part OR wildcard mask), gives the same result as (IP part OR wildcard mask) is treated as a match.


First, we need a brief understanding of the binary OR operation. You can read about it here:
Second, we will learn the bitwise operation behind the access-list. In this step I will show that an access-list is just an OR operation between A, B and C. Follow me.
Third, we will answer the question.

(1) Please read the blog post linked above.
(2) Recall one of our access-lists: access-list 1 permit 192.168.1.1 0.0.0.255
We can restate it as: access-list 1 permit A B, where A = 192.168.1.1 and B = 0.0.0.255
We will need one more variable, C. So now we have the variables A, B, and C.
Gathering them together again:
A = 192.168.1.1 = the IP address written in the access-list entry
B = 0.0.0.255 = the wildcard mask of the access-list entry
and C = any IP address (the address of the packet being checked)

(3) Your friend gives you a host list: 192.168.1.3 and 192.168.1.4. They want you to block these hosts' internet connection. What A and B would you put in the access-list you build to block their internet connection?
Since C = 192.168.1.3 OR 192.168.1.4 = 192.168.1.7:
A = 192.168.1.3
B = 0.0.0.4
access-list 1 permit 192.168.1.3 0.0.0.4

A = 192.168.1.3
B = 0.0.0.7
access-list 1 permit 192.168.1.3 0.0.0.7

A = 192.168.1.4
B = 0.0.0.3
access-list 1 permit 192.168.1.4 0.0.0.3

A = 192.168.1.4
B = 0.0.0.7
access-list 1 permit 192.168.1.4 0.0.0.7

A = 192.168.1.7
B = 0.0.0.4
access-list 1 permit 192.168.1.7 0.0.0.4

A = 192.168.1.7
B = 0.0.0.3
access-list 1 permit 192.168.1.7 0.0.0.3

Have you counted how many access-list variations we have for this question? Yes, it is 6! Where does the 6 come from?

2. How many hosts will be blocked accidentally by your access-list?
Answer: If you use one of the access-lists from question number 1, you will
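As an added example (not part of the original post), the Python below implements the wildcard-mask comparison a router applies to each entry: every bit set to 1 in the wildcard is ignored and the remaining bits of the packet address must equal the entry address, which is exactly what OR-ing both sides with the wildcard gives. hosts_matched lists what an entry actually covers, accidental_hosts answers question 2 for the two target hosts, and minimal_wildcard and equivalent_entry_count show where the many equivalent variations come from. The function names and the 192.168.1.0/24 default are my own choices.

```python
import ipaddress

def _as_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def acl_matches(entry_ip, wildcard, packet_ip):
    """Wildcard-mask test: bits set to 1 in the wildcard (B) are 'don't care'.
    OR-ing both the entry address (A) and the packet address (C) with B forces
    those bits to 1, so only the bits B leaves at 0 are actually compared."""
    a, b, c = _as_int(entry_ip), _as_int(wildcard), _as_int(packet_ip)
    return (c | b) == (a | b)

def hosts_matched(entry_ip, wildcard, network="192.168.1.0/24"):
    """Every address in `network` the entry covers, in address order."""
    net = ipaddress.IPv4Network(network)
    return [str(h) for h in net if acl_matches(entry_ip, wildcard, str(h))]

def accidental_hosts(entry_ip, wildcard, intended, network="192.168.1.0/24"):
    """Addresses the entry matches that were not on the list of hosts to block."""
    extra = set(hosts_matched(entry_ip, wildcard, network)) - set(intended)
    return sorted(extra, key=_as_int)

def minimal_wildcard(hosts):
    """Smallest wildcard letting one entry cover all `hosts`: every bit in which
    some host differs from the first must be a don't-care bit, so OR together
    the XOR of each host with the first one."""
    first = _as_int(hosts[0])
    b = 0
    for h in hosts[1:]:
        b |= first ^ _as_int(h)
    return str(ipaddress.IPv4Address(b))

def equivalent_entry_count(wildcard):
    """Number of distinct entry addresses A giving the same match set for this
    wildcard: each don't-care bit of A may be written as 0 or 1 without effect."""
    return 2 ** bin(_as_int(wildcard)).count("1")

if __name__ == "__main__":
    # Constructed inputs: the two hosts from question 3 and two candidate entries.
    for a, b in [("192.168.1.3", "0.0.0.4"), ("192.168.1.3", "0.0.0.7")]:
        print(a, b, "->", hosts_matched(a, b))
    print("minimal wildcard:", minimal_wildcard(["192.168.1.3", "192.168.1.4"]))
    print("entries equivalent to X 0.0.0.255:", equivalent_entry_count("0.0.0.255"))
```

For the two hosts in question 3 the last octets 3 (011) and 4 (100) differ in all three low bits, so minimal_wildcard returns 0.0.0.7 and any entry with that wildcard also covers the six other addresses 192.168.1.0 - 192.168.1.7. An entry such as 192.168.1.3 0.0.0.4 covers only 192.168.1.3 and 192.168.1.7, which hosts_matched makes visible before the list is applied.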
