Explanation:
When we assign an IP address to an interface, the operating system performs a process called ANDING. Let's say the IP address is 2.2.2.2 with a Subnet Mask of 255.255.255.0. The operating system will perform ANDING, which is nothing but a bit-by-bit multiplication. Basically, 1 multiplied by 1 is 1, 1 multiplied by 0 is 0, and 0 multiplied by 0 is 0. You may think this is too easy, where is he going with this? Let’s go through the process and you will see:
00000010.00000010.00000010.00000010 → The IP Address
11111111.11111111.11111111.00000000 → The Subnet Mask
-------------------------------------------------------
00000010.00000010.00000010.00000000 → The Result
⇒ 2.2.2.0
As we can see, the result of the ANDING is 2.2.2.0, and this is the network. So, when we assign an IP address and a Subnet Mask, the operating system performs ANDING to get the network address.
In IOS, we can use a Subnet Mask and/or an Inverse Mask. Why do we use an Inverse Mask? Because in an Inverse Mask we can have discontinuous ONEs, whereas in a Subnet Mask we can NOT.
To convert an inverse mask to a regular mask, we can subtract the inverse mask from 255.255.255.255.
Now, let’s go over the Access-List entry 2.2.1.0 with an inverse mask of 0.0.254.0.
Let’s do ANDING, but before we do ANDING we have to convert the inverse mask to a regular mask. Let’s do that:
255.255.255.255 – 0.0.254.0 = 255.255.1.255
Now, let’s do ANDING:
00000010.00000010.00000001.00000000
11111111.11111111.00000001.11111111
-------------------------------------------------------
00000010.00000010.00000001.00000000
⇒ 2.2.1.0
So, the result of ANDING is 2.2.1.0, and if the result is 2.2.1.0, based on the ACL it is denied.
Now, let’s see if 2.2.3.0 is allowed:
00000010.00000010.00000011.00000000
11111111.11111111.00000001.11111111
-------------------------------------------------------
00000010.00000010.00000001.00000000
⇒ 2.2.1.0
WOW, you can see the result of the ANDING is the same 2.2.1.0. We can see that if 2.2.5.0 is used it will still AND to 2.2.1.0, which is ODD in the third octet. So, every ODD numbered third octet will AND to 2.2.1.0 and it is denied.
Now, if 2.2.2.0 is looked at, it will AND to 2.2.0.0, and based on the ACL it will be permitted. As a result, all the EVEN numbered third octet subnets will be allowed, and all the ODD numbered third octet subnets will be denied.
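
The ANDING above, reproduced in Python as an added example (not from the workbook or the original post), so an ACL entry with a discontinuous inverse mask can be checked for what it really matches before it is deployed. The function names are hypothetical, and the match rule assumes an address hits the entry when it ANDs to the same value as the entry's own address, as in the walk-through.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 255.255.255.255 as a 32-bit integer


def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer -> dotted-decimal string."""
    return str(ipaddress.IPv4Address(value))


def inverse_to_mask(inverse):
    """255.255.255.255 minus the inverse mask gives the regular mask."""
    return to_dotted(FULL - to_int(inverse))


def and_result(address, inverse):
    """AND an address with the regular mask derived from the inverse mask."""
    return to_dotted(to_int(address) & to_int(inverse_to_mask(inverse)))


def entry_matches(address, acl_address, inverse):
    """An address matches the entry when both AND to the same value."""
    return and_result(address, inverse) == and_result(acl_address, inverse)


def is_contiguous(inverse):
    """True if the inverse mask is an unbroken run of ones at the low end,
    i.e. the regular mask derived from it is a valid subnet mask."""
    inv = to_int(inverse)
    return inv & (inv + 1) == 0


def matched_third_octets(acl_address, inverse):
    """Third octets x of 2.2.x.0 that the entry matches (constructed range)."""
    return [x for x in range(256)
            if entry_matches(f"2.2.{x}.0", acl_address, inverse)]


if __name__ == "__main__":
    print("regular mask:", inverse_to_mask("0.0.254.0"))
    for net in ("2.2.1.0", "2.2.2.0", "2.2.3.0", "2.2.5.0"):
        hit = entry_matches(net, "2.2.1.0", "0.0.254.0")
        print(net, "ANDs to", and_result(net, "0.0.254.0"),
              "-> match" if hit else "-> no match")
    print("contiguous:", is_contiguous("0.0.254.0"))
```
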
Credits:
CCIE by Mr. Narbik Kocharians © 2014
CCIE R&S Foundation v5.0 Workbook Vol-1 (RIPv2 Labs)