Hello Rick

I agree with you, because this is what the Cisco theory says.

But I think that the IOS should send an "inconsistence message", because in reality is not correct this type of inverse mask (except the masks 255.255.255.255 [any] and 0.0.0.0 [host]).

No network have a subnetmask 0.0.0.255. According to the theory (again), the inverse mask comes from substraction of 255.255.255.255 minus the real mask.

Is for this last, I think the IOS

don?t should "decide" what to do.

This errors on mask and inverse masks could happend in operative areas when ACLs and static routes are requiered, and can impact seriously the network if we have "deny" ACLs, for example.

What do you think?

Thanks in advance

Pedro.

Hi,

I actually disagree with you, as with ACL any possible wildcard is meaningful, i'll give you an example:

To match these networks in one ACL statement:

10.0.0.0/16

10.4.0.0/16

10.32.0.0/16

10.36.0.0/16

access-list 1 permit 10.0.0.0 0.36.0.0

Another example would be, to match all the odd IPs in this subnet "10.0.0.0/24":

access-list 1 permit 10.0.0.1 0.0.0.254 (last bit is always 1, thus the address is always odd)

So as you can see, there is nothing called inconsistent wildcard mask.

I hope that i've been informative.

HTH,

Mohammed Mahmoud.

Hi Jorge

Thanks for the reference

Pedro

There is a difficult decision to determine whether the command line command that was input was a conceptual mistake or whether the person was attempting to accomplish some subtle distinction. Most of the time the IOS just accepts the configuration statement and that is what happened in your situation.

Every time that I am running Windows software and attempt to do something and Windows changes it (because it thinks that it knows better what is logical) I am reminded of the dangers of overriding the user input.

HTH

Rick

Hi Rick

Thanks for your time.

I only ask for any IOS "warning message", because I know the way to put a "dont care" bit on the network address, and believe me, in this case I didnt want that result. It was only a simple sintaxis error, but I never thought that IOS could change the three first octets!!.

In this particular case I wished IOS send me a "warning message" (like IOS do with a duplicated IP address on interface configuration).

What is the logical intention to put any number greater than zero on any address octet if on the wildcard mask octet by octet I put 255??

If as you says "most of the time the IOS accepts the configuration" , Its all right, but as I typed it or simply do not accept the command line.

What you think?

Do you think it could be a way to improve and to ensure the ACLs use?

There are some dangers on normal ACLs use and application, this "warning message" could be more safe the ACLs, beginning with a sintaxis validation.

Regards...