Thank you to everyone who participated…  It was my first time running a little contest on the blog, and I’m sorry to say it didn’t quite work as I expected!  The comments were not supposed to be seen until a day later, but I think I forgot to share that with the other folks here!  My bad!

Anyway, there are a variety of answers that we received in the commentary, and remember that I said all three must be correct.  That was the catchy part, as even the first few people were almost there.  Almost, but not quite!  It’s a good learning curve though!

Andrew Dempsey was the first person to actually get all three of them correct!  Congratulations!  Andrew, pop me an e-mail and we’ll figure out how to get the tokens to you.

To everyone else, I promise to have all the kinks worked out by tomorrow when I post Part II with a much more exciting set of things to think about!

1.  Start picking a few and finding similarities again…

0    00000000
4    00000100
8    00001000
12    00001100
16    00010000
20    00010100
etc.

Just like with our even/odd example, we look at the constants.  The last two bits will ALWAYS be “00″.  So a mask of 11111100 would fit.

access-list 16 permit 131.102.0.0 0.0.252.255

2.  Our differences here are in the third octet.

128    10000000
130    10000010
132    10000100
134    10000110
136    10001000
138    10001010

There are three bits of difference between the six values there.  The 2-bit, 4-bit and 8-bit positions.  But 2^3 would yield eight matches.

140 and 142 are missing there.  So we have two ways of looking at this.

Method 1:

access-list 17 permit 200.100.128.0 0.0.6.0
access-list 17 permit 200.100.136.0 0.0.2.0

Method 2:

access-list 17 deny 200.100.140.0 0.0.2.0
access-list 17 permit 200.100.128.0 0.0.14.0

Either way, two lines is our best bet!

3.  This is a little more complicated than it looks!  Namely because there’s a gap in the middle and we aren’t allowed to use any “deny” statements!  Go figure!

This exercise is just like creating subnets though.  How well did you know your bit boundaries?

So let’s make as many major blocks as we can.

access-list 18 permit 158.1.100.0 0.0.0.63
access-list 18 permit 158.1.100.64 0.0.0.15
access-list 18 permit 158.1.100.80 0.0.0.7
access-list 18 permit 158.1.100.88 0.0.0.3
access-list 18 permit 158.1.100.92 0.0.0.0
access-list 18 permit 158.1.100.107 0.0.0.0
access-list 18 permit 158.1.100.108 0.0.0.3
access-list 18 permit 158.1.100.112 0.0.0.15
access-list 18 permit 158.1.100.128 0.0.0.127

After a while you have to think about all the different bit boundaries.  On the bright side, Windows Calculator available to help if necessary!

Back in a day’ish!

### 10 Responses to “Binary Math – Part I Answers”

1. NTllect says:

Hi,

I’m not sure about first 2 answers you give, can you please explain them in more detail?

First task says “Allow packets from all hosts in every fourth /24 network from 131.102.0.0/16

I interpreted this task as “permit every forth”, that in fact translates to 4th, 8th, 12th and so on networks. You begin counting from zero network, that in fact is 0th network, so I think it is a little overlapping.

Second task says “In as few lines as possible, permit only the following networks (assume it will be a distribute-list)”

I translated keyword “only” as to deny all other networks, in this case odd numbers. You permit them.

I hope you’ll comment on this. Thanks!

2. ovais says:

Hi, can you kindly explain what did you mean by bit boundary, i may know it, but i am a little confused, can you kindly explain it a bit, what do we mean by a bit boundary !

3. Jason DSouza says:

Hi,

This post was really informative for me, and the third task really made me think a lot, just want to know if it is feasible for you to create a COD on this subject which will benefit all of us here, and if i am not wrong R&S Advanced technologies class on demand does not cover this stuff.

Jason

4. NTllect,

Every fourth has to start someplace! Since 0 is a valid network, would that not be a starting point?

Unlike in ordinary numbering, network numbers actually start counting at 0. 0 is considered to be an even network. 1 is considered the first odd network.

So even if you didn’t like “0″ for some reason, the masking would still stand, you would simply have a deny for the .0 network at the very beginning of your ACL!

As for the only part in the second task, that would be correct. Notice the binary on the mask:

access-list 17 permit 200.100.128.0 0.0.6.0
access-list 17 permit 200.100.136.0 0.0.2.0

If the odd numbers were included as well, the mask would be 0.0.7.0 and 0.0.3.0, but they are not. The “0″ value in the “1-bit” position suggest that the value MUST NOT change from the originally setting bits. And our setting bits of 128 (1000000) means that 10000xx0 is what we will end up with for the first line. Therefore, we will never have an odd number (which ends in a 1 bit) match that.

HTH.

5. Ovais,

Bit boundaries mean and of the 1, 2, 4, 8, 16, 32, 64, or 128 positions.

The numbers 132 and 124 as an example. If you subtract them, you get 8. But that’s not the only bit different because they cross a bit boundary.

124 = 01111100
132 = 10000100

So there are actually 5 bits different between them.

HTH.

6. Jason,

There is currently no CoD on this in any depth. I don’t see why I couldn’t create on though!

I’ll work on that, and we’ll get things put together!

7. Ian says:

Hi,

Sorry I’m not trying to be picky about this, but when I was working through your example I used the .255 in the 4th octet mask, but you used .0 and said that this was required because you asked for networks and not hosts?

Would you be marked wrong on this or are both masks 0.0.252.0 and 0.0.252.255 valid for the exam?

Thanks,
Ian.

P.s. Great examples to work with though!

8. Ian,

Great question, but no. Although I did have to go back and re-read to make sure I didn’t make a mistake! (it happens now and then!)

The question was “Allow packets from all hosts in every fourth /24 network from 131.102.0.0/16″

So while it did refer to every fourth network, it said “all hosts”.

Depending on the wording of the question, I do believe there can be right or wrong answers based on the fourth octet being .0 versus .255!

Your reply also reminds me I need to figure out a last test question for Part 2 and get that put up here!

9. Ian says:

Thanks,

So you did !!!
Well that whole area is interesting that you have introduced there with the 4th Octet, I haven’t seen that before, i.e. Allow Hosts from the networks as opposed to Allow only networks.

Is it basically a matter of interpreting the question as to whether they are asking for “Hosts” or just “Networks” as to what to make the 4th octet mask?

And if so, if the division is not as clear cut as normal i.e. 8 bit, 16bit or 24bit boundaries then the “HOSTS” portion of the mask may not fall entirely on the 4th Octet??

Sorry I’m not doing a good job of getting that point across and am starting to confuse myself

But maybe if you know what (Or half what) I am getting at there, maybe you could include a little section in your next Blog about this topic?

This stuff is priceless..

Ian.

10. jslaven says:

In the answer to question 2, you wrote “There are three bits of difference between the six values there. The 2-bit, 4-bit and 8-bit positions.” Are you saying there are three bits that are changing (which I interpret as 2-bit, 3-bit, and 4-bit) or are you saying there are three bit boundary changes (which, again, I interpret as 2-bit, 3-bit, and 4-bit)?

jslaven