Cisco Router – Access List Policy with Odd and Even Filtering

acl, cisco, ipv4, lab, router

I'm having some issues with some access list configuration regarding a topology. The lab requirements are:

  • Deny any host with even-numbered IP addresses from the BM_R1 LAN from
    accessing hosts on the BM_R3 LAN.
  • Hosts with odd-numbered IP addresses on the BM_R1 LAN should be able
    to ping any other destination.

The two networks to which the access list refers are 172.16.1.128/25 (R3 LAN) and 172.16.1.160 (R1 LAN). I've tried changing the wildcard bits to 0.0.0.254 for even IP addresses on both. I've also tried placing them on either R1 or R3, but it did not work. What am I doing wrong?

Best Answer

When creating ACLs in a Cisco router, you use wildcard masks. Where you have a bit set to 0 in the wildcard mask, that bit must exactly match in the address. Remember that addresses and masks, including wildcard masks, are really just 32-bit numbers. This only works for IPv4; IPv6 uses CIDR notation.

For example:

! denies anything between 192.168.2.0 and 192.168.3.255
access-list 10 deny 192.168.2.0 0.0.1.255
! denies only even addresses between 192.168.2.0 and 192.168.3.255
access-list 10 deny 192.168.2.0 0.0.1.254
! denies only odd addresses between 192.168.2.0 and 192.168.3.255
access-list 10 deny 192.168.2.1 0.0.1.254

This is something that used to be taught in Cisco classes, but it's not actually very useful in the real world. If you must use non-contiguous wildcard masks, you should probably rethink the network design.
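The following Python script is an added illustration of the wildcard-mask arithmetic described in the answer; it is not code from the question or the answer. It treats addresses and wildcards as 32-bit integers, enumerates which hosts a given "base wildcard" pair matches, and evaluates a constructed extended ACL for the lab in the question. The lab ACL assumes the R1 LAN is 172.16.1.160/27 (the question gives no prefix length) and takes the R3 LAN as 172.16.1.128/25 as stated; the sample addresses are constructed.

```python
import ipaddress
from typing import List, Tuple


def to_int(dotted: str) -> int:
    """Dotted-quad IPv4 address -> 32-bit integer (addresses and masks are just numbers)."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: every 0 bit in the wildcard must match the base exactly,
    every 1 bit is 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def matching_in_network(base: str, wildcard: str, cidr: str) -> List[str]:
    """Enumerate every address inside `cidr` that an ACL line 'base wildcard' would match."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(a) for a in net if wildcard_match(str(a), base, wildcard)]


# One extended-ACL entry: (action, src_base, src_wildcard, dst_base, dst_wildcard)
ACE = Tuple[str, str, str, str, str]


def acl_action(acl: List[ACE], src: str, dst: str) -> str:
    """First-match evaluation, with IOS's implicit 'deny any' at the end of the list."""
    for action, sb, sw, db, dw in acl:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action
    return "deny"


# Constructed ACL for the lab (assumption: R1 LAN is 172.16.1.160/27; R3 LAN 172.16.1.128/25
# as stated in the question). Wildcard 0.0.0.30 is 00011110 in the last octet: bits 1-4 vary
# (addresses 160..190), bit 0 is pinned to 0 by the base, so only even hosts match.
LAB_ACL: List[ACE] = [
    ("deny",   "172.16.1.160", "0.0.0.30",        "172.16.1.128", "0.0.0.127"),
    ("permit", "0.0.0.0",      "255.255.255.255", "0.0.0.0",      "255.255.255.255"),
]


if __name__ == "__main__":
    # The answer's own example: odd addresses between 192.168.2.0 and 192.168.3.255
    print(matching_in_network("192.168.2.1", "0.0.1.254", "192.168.2.0/23")[:4], "...")

    # Even hosts of the (assumed /27) R1 LAN
    print(matching_in_network("172.16.1.160", "0.0.0.30", "172.16.1.160/27"))

    # Why 0.0.0.254 on 172.16.1.160 is too broad: it pins only the low bit of the
    # last octet, so it matches every even address in 172.16.1.0/24, R3 LAN included.
    print(len(matching_in_network("172.16.1.160", "0.0.0.254", "172.16.1.0/24")), "matches")

    # Constructed traffic samples against the lab ACL
    for src, dst in [("172.16.1.162", "172.16.1.130"),   # even R1 host -> R3 LAN
                     ("172.16.1.163", "172.16.1.130"),   # odd R1 host  -> R3 LAN
                     ("172.16.1.162", "10.0.0.1")]:      # even R1 host -> elsewhere
        print(src, "->", dst, acl_action(LAB_ACL, src, dst))
```

The "care" mask is simply the bitwise complement of the wildcard, which is why a wildcard such as 0.0.1.254 (non-contiguous ones) is legal but hard to reason about: it selects hosts by individual bit positions rather than by subnet, which is the design smell the answer warns about.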
