Question on Cisco reverse Subnets

Discussion in 'Cisco' started by James Roper, Dec 16, 2003.

  1. James Roper

    James Roper Guest

    I hear it is a good idea to block incoming traffic with an IP address you
    are using in the inside.

    Acess-Rule 101 deny ip my.class.c.0 0.0.255 0.0.0.0 255.255.255.255

    But lets say I don't have a class C. Lets say I have a subnet
    64.125.217.120
    255.255.255.248

    What would the inverse subnet mask be?

    My Guess - can someone confirm
    00000000.00000000.00000000.00000111
    0.0.0.7 ?

    is this right?

    James Roper
     
    James Roper, Dec 16, 2003
    #1
    1. Advertisements

  2. :I hear it is a good idea to block incoming traffic with an IP address you
    :are using in the inside.

    :Acess-Rule 101 deny ip my.class.c.0 0.0.255 0.0.0.0 255.255.255.255

    You would usually use

    access-list 101 deny ip my.class.c.0 0.0.0.255 any


    :But lets say I don't have a class C. Lets say I have a subnet
    :64.125.217.120
    :255.255.255.248

    :What would the inverse subnet mask be?

    :My Guess - can someone confirm
    :00000000.00000000.00000000.00000111
    :0.0.0.7 ?

    :is this right?

    Yes. The wildcard mask XOR'd with the netmask should result in
    255.255.255.255.
     
    Walter Roberson, Dec 16, 2003
    #2
    1. Advertisements

  3. James Roper

    James Roper Guest

    Looks like that worked. thanks
     
    James Roper, Dec 16, 2003
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.