1
00:00:00,000 --> 00:00:02,850
[MUSIC PLAYING]

2
00:00:02,850 --> 00:00:07,600

3
00:00:07,600 --> 00:00:11,090
Congratulations on
completing another skill.

4
00:00:11,090 --> 00:00:15,740
Now it's time for a review
in the form of a quiz.

5
00:00:15,740 --> 00:00:19,970
So let's go ahead and jump
in with our first question.

6
00:00:19,970 --> 00:00:23,530
What is the correct
ACL wildcard mask

7
00:00:23,530 --> 00:00:27,805
to match the following
routes using a single line?

8
00:00:27,805 --> 00:00:34,010

9
00:00:34,010 --> 00:00:36,580
So in order to match on
each of these prefixes,

10
00:00:36,580 --> 00:00:43,810
the correct answer
would be 0.16.64.255.

11
00:00:43,810 --> 00:00:47,200
Now, we might want to break that
down in just a little bit more

12
00:00:47,200 --> 00:00:48,260
detail.

13
00:00:48,260 --> 00:00:50,710
So the first thing we
have to look at here

14
00:00:50,710 --> 00:00:55,510
is, unlike the examples that we
did during our demonstrations,

15
00:00:55,510 --> 00:00:57,680
I stepped this one
up just a little bit.

16
00:00:57,680 --> 00:01:02,050
And instead, we're looking at
two octets that are actually

17
00:01:02,050 --> 00:01:03,670
changing their value.

18
00:01:03,670 --> 00:01:07,330
However, hopefully you can
see that there is clearly

19
00:01:07,330 --> 00:01:08,900
a pattern here.

20
00:01:08,900 --> 00:01:12,850
So what we need to do is we need
to take each of these values

21
00:01:12,850 --> 00:01:16,340
and break them down into binary.

22
00:01:16,340 --> 00:01:18,070
So I have that set up.

23
00:01:18,070 --> 00:01:22,420
And first, we have
our 71 and our 87.

24
00:01:22,420 --> 00:01:26,870
So this would be dealing
with the second octet.

25
00:01:26,870 --> 00:01:29,150
And just like we've
done before, we

26
00:01:29,150 --> 00:01:32,100
want to look at what
bits are different.

27
00:01:32,100 --> 00:01:36,950
So in this case, it would be
0, because those are the same.

28
00:01:36,950 --> 00:01:39,870
The first three bits
are all the same.

29
00:01:39,870 --> 00:01:41,850
It's the fourth bit
that's different.

30
00:01:41,850 --> 00:01:44,510
So that would be a 1
in our wildcard mask.

31
00:01:44,510 --> 00:01:49,460
And then of course, the last
four are also all zeros.

32
00:01:49,460 --> 00:01:53,270
And if we translate
this back to decimal,

33
00:01:53,270 --> 00:01:56,030
this is going to be 16.

34
00:01:56,030 --> 00:02:00,500
And that's where we get this
value for our wildcard mask.

35
00:02:00,500 --> 00:02:07,670
Likewise, for the third
octet, we have a 39 and a 103.

36
00:02:07,670 --> 00:02:09,990
If we break this
down the same way--

37
00:02:09,990 --> 00:02:14,120
once again, this would be
a 0, this would be a 1,

38
00:02:14,120 --> 00:02:17,300
and the rest of these
would all be zeros.

39
00:02:17,300 --> 00:02:22,800
This, of course, is 64,
which gives us this value.

40
00:02:22,800 --> 00:02:24,990
And that's how we figure it out.

41
00:02:24,990 --> 00:02:29,420
Now, in a situation like this,
we can often shortcut this.

42
00:02:29,420 --> 00:02:31,970
Since this is only
going to work when

43
00:02:31,970 --> 00:02:36,920
we have a few bits, such as
this one and this one that

44
00:02:36,920 --> 00:02:39,230
are different,
these are generally

45
00:02:39,230 --> 00:02:41,450
going to be multiples of 2.

46
00:02:41,450 --> 00:02:47,760
So 1, 2, 4, 8, 16,
32, 64, or 128.

47
00:02:47,760 --> 00:02:51,320
So if we actually look at these
values, what we could do is

48
00:02:51,320 --> 00:02:53,090
we could just take
the higher value--

49
00:02:53,090 --> 00:02:55,310
in this case, 87--

50
00:02:55,310 --> 00:02:57,650
and we could subtract
the lower value--

51
00:02:57,650 --> 00:03:00,620
in this case, 71.

52
00:03:00,620 --> 00:03:04,790
And that would give us the
16, which again, correlates

53
00:03:04,790 --> 00:03:07,400
to the 16 in the second octet.

54
00:03:07,400 --> 00:03:09,380
And we could do the
same thing here,

55
00:03:09,380 --> 00:03:15,260
if we were to take
103 and subtract 39.

56
00:03:15,260 --> 00:03:19,850
Again, this is 64, which is
going to match this value,

57
00:03:19,850 --> 00:03:22,370
because it's only
that one bit that's

58
00:03:22,370 --> 00:03:24,600
different between the values.

59
00:03:24,600 --> 00:03:27,570
Now, it might not always
break down quite that clean,

60
00:03:27,570 --> 00:03:29,870
but it should be
some combination

61
00:03:29,870 --> 00:03:32,270
of the multiples of 2.

62
00:03:32,270 --> 00:03:36,800
So for example, maybe if the
difference came out to a 9,

63
00:03:36,800 --> 00:03:41,480
we'd be pretty clear that
that's probably an 8 and a 1,

64
00:03:41,480 --> 00:03:44,780
since those are multiples of 2.

65
00:03:44,780 --> 00:03:48,560
So just to make sure that's
clear, whatever the answer is

66
00:03:48,560 --> 00:03:51,560
to the difference
in the two numbers,

67
00:03:51,560 --> 00:03:56,120
it should be some combination
of the powers of 2.

68
00:03:56,120 --> 00:03:59,030
That might be easy to figure
out, and it might not be.

69
00:03:59,030 --> 00:04:02,870
If it's easy, like the
9 being an 8 and a 1.

70
00:04:02,870 --> 00:04:06,770
Or in this case, it was
flat out just a 16 and 64.

71
00:04:06,770 --> 00:04:10,310
Well, then you can certainly
do this sort of shorter way

72
00:04:10,310 --> 00:04:12,230
of just doing the subtraction.

73
00:04:12,230 --> 00:04:14,870
And if you do that, it's
a little more complicated.

74
00:04:14,870 --> 00:04:18,149
Then by all means, we
can still do it this way.

75
00:04:18,149 --> 00:04:20,240
It doesn't matter how
complicated they are

76
00:04:20,240 --> 00:04:22,670
if we break it down to binary.

77
00:04:22,670 --> 00:04:26,030
But just to summarize,
the correct wildcard mask

78
00:04:26,030 --> 00:04:34,680
to match on these networks
would be 0.16.64.255.

79
00:04:34,680 --> 00:04:36,310
Next question.

80
00:04:36,310 --> 00:04:39,240
Given the following
prefix list, which

81
00:04:39,240 --> 00:04:41,910
routes would be permitted?

82
00:04:41,910 --> 00:04:49,500
IP prefix list PL_FILTER
deny 10.1.0.0/16 greater than

83
00:04:49,500 --> 00:04:51,450
or equal to 25.

84
00:04:51,450 --> 00:04:59,820
IP prefix list PL_FILTER permit
10.1.0.0/16 less than or equal

85
00:04:59,820 --> 00:05:00,435
to 24?

86
00:05:00,435 --> 00:05:06,870

87
00:05:06,870 --> 00:05:09,020
So of course, the big
thing to watch on this one

88
00:05:09,020 --> 00:05:11,570
is that we're looking for
what's going to be permitted.

89
00:05:11,570 --> 00:05:14,420
So we have to make sure
that our answers are

90
00:05:14,420 --> 00:05:16,430
permitted by the
second statement,

91
00:05:16,430 --> 00:05:19,680
yet not denied by the first.

92
00:05:19,680 --> 00:05:22,050
So let's go down our list.

93
00:05:22,050 --> 00:05:28,550
So first, answer
one is 10.1.1.0/24.

94
00:05:28,550 --> 00:05:33,360
Now for the deny statement,
we do match the first 16 bits,

95
00:05:33,360 --> 00:05:35,180
which is the requirement here.

96
00:05:35,180 --> 00:05:39,480
But the mask has to be
greater than or equal to 25,

97
00:05:39,480 --> 00:05:42,860
which means that our usable
range here is actually

98
00:05:42,860 --> 00:05:46,490
25 to 32.

99
00:05:46,490 --> 00:05:50,690
This does not fit into
the range of 25 to 32,

100
00:05:50,690 --> 00:05:53,330
so it would not be denied.

101
00:05:53,330 --> 00:05:55,670
Moving on to the
permit statement,

102
00:05:55,670 --> 00:05:57,530
it's almost the same,
except that it's

103
00:05:57,530 --> 00:05:59,910
less than or equal to 24.

104
00:05:59,910 --> 00:06:05,780
So in this case, the range
is going to be 16 to 24

105
00:06:05,780 --> 00:06:07,320
for the mask.

106
00:06:07,320 --> 00:06:12,780
So all of that said, it means
that answer one is, in fact,

107
00:06:12,780 --> 00:06:16,580
going to be allowed based
on the permit statement,

108
00:06:16,580 --> 00:06:19,100
because the 24 is
within the range,

109
00:06:19,100 --> 00:06:22,070
and the first 16 bits match.

110
00:06:22,070 --> 00:06:23,810
Answer number two.

111
00:06:23,810 --> 00:06:29,120
The big problem we have
with this answer is the /32.

112
00:06:29,120 --> 00:06:32,100
That falls into
this range up here.

113
00:06:32,100 --> 00:06:34,350
And that's on the
deny statement.

114
00:06:34,350 --> 00:06:37,280
So even if it did match the
permit statement, which we're

115
00:06:37,280 --> 00:06:39,080
not even going to
look at, it doesn't

116
00:06:39,080 --> 00:06:41,550
matter because it's
being denied first.

117
00:06:41,550 --> 00:06:43,700
So two would be incorrect.

118
00:06:43,700 --> 00:06:48,570
3 is 10.1.0.0/10.

119
00:06:48,570 --> 00:06:51,320
Now, the problem with
this one is once again

120
00:06:51,320 --> 00:06:54,150
it doesn't fit into
any of the ranges.

121
00:06:54,150 --> 00:06:57,650
So the bit mask
might be OK, but it

122
00:06:57,650 --> 00:07:00,710
doesn't fit into the ranges
for the subnet masks.

123
00:07:00,710 --> 00:07:04,790
So again, 3 is going to
be an incorrect answer.

124
00:07:04,790 --> 00:07:10,490
Number 4, 10.1.64.0/18.

125
00:07:10,490 --> 00:07:14,620
Now, this one might be a little
bit confusing because of the 64

126
00:07:14,620 --> 00:07:15,800
here.

127
00:07:15,800 --> 00:07:18,370
But keep in mind,
we're only telling it

128
00:07:18,370 --> 00:07:21,260
to match on the first 16 bits.

129
00:07:21,260 --> 00:07:24,490
Now, the 18 does not
fall into the range

130
00:07:24,490 --> 00:07:29,440
of the deny statement, which is,
of course, the 25 to 32 again.

131
00:07:29,440 --> 00:07:33,040
But it does fit
within the 16 to 24.

132
00:07:33,040 --> 00:07:36,410
And again, we're matching
on those first 16 bits.

133
00:07:36,410 --> 00:07:40,370
So that would make
4 a correct answer.

134
00:07:40,370 --> 00:07:43,580
And number 5, once
again, is a /26,

135
00:07:43,580 --> 00:07:48,640
which falls into that range for
the deny statement, 25 to 32.

136
00:07:48,640 --> 00:07:51,340
So it's going to be denied.

137
00:07:51,340 --> 00:07:57,680
Therefore, the correct answers
to this question are 1 and 4.

138
00:07:57,680 --> 00:07:59,880
So that concludes this quiz.

139
00:07:59,880 --> 00:08:02,390
If you find that you
were unable to answer

140
00:08:02,390 --> 00:08:04,700
any of these questions,
I would encourage

141
00:08:04,700 --> 00:08:07,910
you to go back and review
the referenced sources

142
00:08:07,910 --> 00:08:09,870
on each question.

143
00:08:09,870 --> 00:08:13,040
Otherwise, congratulations
on completing

144
00:08:13,040 --> 00:08:14,960
Explaining Route Filtering.

145
00:08:14,960 --> 00:08:17,330
I hope this has been
informative for you,

146
00:08:17,330 --> 00:08:20,500
and I'd like to thank
you for viewing.

147
00:08:20,500 --> 00:08:24,000