05-11-2009, 07:22 PM
First thing to to do is to define the subnet (which you have correct as 192.168.125.32), then as there are 27 bits used for sub-netting, this gives the mask the value of 255.255.255.224. This again you correctly state as having a subnet every 32. However, the host range will now be 33 - 62 as 63 is the broadcast - not 47 as stated by wtf007.
You don't seem to give all the information for the question, but from what you've provided then the following would appear to be true.
To deny the host (192.168.125.34) access to all hosts outside its network using an extended access list, then the following information is required:
access-list <number> permit/deny <protocol> <source> <destination> <mask>
e.g. access-list 100 permit ip host 192.168.125.32 192.168.125.0 0.0.0.255
As any access list includes an explicit deny statement that is there by default, then all other connections would be blocked. To answer the question from wtf007 about the subnet mask 0.0.0.0 - this is the wildcard mask for a host address, this means that all 4 octets must match exactly for the statement to be true.
You don't seem to give all the information for the question, but from what you've provided then the following would appear to be true.
To deny the host (192.168.125.34) access to all hosts outside its network using an extended access list, then the following information is required:
access-list <number> permit/deny <protocol> <source> <destination> <mask>
e.g. access-list 100 permit ip host 192.168.125.32 192.168.125.0 0.0.0.255
As any access list includes an explicit deny statement that is there by default, then all other connections would be blocked. To answer the question from wtf007 about the subnet mask 0.0.0.0 - this is the wildcard mask for a host address, this means that all 4 octets must match exactly for the statement to be true.