Access-list Questions

March 16th, 2020 in ENCOR 350-401

Question 1


Remember, in a wildcard mask, 1s mean "I DON'T CARE" and 0s mean "I CARE". So now let's analyze a simple ACL:

access-list 1 permit

The first two octets of the wildcard mask are all 0s, meaning that we care about the network 172.23.x.x. The third octet of the wildcard mask, 15 (0000 1111 in binary), means that we care about the first 4 bits but don't care about the last 4 bits, so we allow the third octet in the form 0001xxxx (minimum: 00010000 = 16; maximum: 00011111 = 31).


The fourth octet is 255 (all 1 bits), which means "I don't care".

Therefore network ranges from to

Now let’s consider the wildcard mask of (fourth octet: 254 = 1111 1110), which means we only care about the last bit. Therefore, if the last bit of the IP address is a “1” (0000 0001), only odd numbers are allowed; if the last bit of the IP address is a “0” (0000 0000), only even numbers are allowed.

Note: In binary, odd numbers always end with a “1” while even numbers always end with a “0”.

Therefore in this question, only the statement “permit” will allow all odd-numbered hosts in the subnet.
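
The wildcard-mask rule above as an added Python example (not part of the original page): it tests addresses against an ACE and shows why a mask like 0.0.15.255 gives one unbroken range while a fourth octet of 254 selects alternating hosts. The two sample ACEs and all function names are constructed for illustration, following the octet values described above.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def ace_matches(address, wildcard, candidate):
    """Wildcard 0 bits ("I care") must equal the ACE address; 1 bits are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(candidate) & care) == (to_int(address) & care)

def is_contiguous(wildcard):
    """True when the wildcard is 0s followed by 1s, i.e. one unbroken range."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def matched_span(address, wildcard):
    """Lowest and highest address the ACE can match. Everything in between
    is matched too only when is_contiguous(wildcard) is True."""
    w = to_int(wildcard)
    low = to_int(address) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))

def matching_last_octets(address, wildcard):
    """Fourth-octet values matched while the first three octets stay as in address."""
    prefix = address.rsplit(".", 1)[0]
    return [h for h in range(256) if ace_matches(address, wildcard, f"{prefix}.{h}")]

# Constructed sample ACEs (not taken from the page):
BLOCK_ACE = ("172.23.16.0", "0.0.15.255")  # third octet 0001xxxx, fourth ignored
ODD_ACE = ("192.0.2.1", "0.0.0.254")       # only the last bit is checked, must be 1

if __name__ == "__main__":
    for name, (addr, wc) in (("block", BLOCK_ACE), ("odd hosts", ODD_ACE)):
        low, high = matched_span(addr, wc)
        hosts = matching_last_octets(addr, wc)
        print(f"{name}: {addr} {wc}")
        print(f"  span {low} - {high}, contiguous: {is_contiguous(wc)}")
        print(f"  last octets matched: {len(hosts)}, first five: {hosts[:5]}")
```

When auditing an ACL, a wildcard for which is_contiguous() returns False deserves a second look, because the span between its lowest and highest match is not fully covered.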

Question 2

Question 3


The syntax of an extended ACL is shown below:

access-list access-list-number {permit | deny} protocol source {source-mask} destination {destination-mask} [eq destination-port]

Question 4


Although the statement “permit tcp any any gt … lt …” seems to be correct, in fact it is not. Each ACL statement supports either “gt” or “lt” but not both.


Question 5


We can insert a line (statement) between two entries of an existing ACL by giving it a number that falls between theirs.


So what will happen if we just enter a statement without the number? Well, that statement would be added at the bottom of an ACL. But in this case we already had an explicit “deny ip any any” statement so we cannot put another line under it.

  1. anonymous
    April 6th, 2020

    Where can I get the questions for these answers?
