Is this wildcard mask including this specific address?

Feb 12th, 2008

Imagine I want to allow traffic from networks, including 150.59.228.101/24 onto my router. Someone suggested the access-list below but I am not sure if this looks right:


They suggest 'permit ip any 150.59.224.0 0.0.192.255 permit ip any 150.59.232.0 0.0.192.255'.


Is this going to include traffic from 150.59.228.101/24?


I am aware that matches for the third and fourth octet will be the below, therefore I don't think it includes ".228.101/24". Do you agree this access-list is wrong?



Third Octet Match(es): 40, 104, 168, 232

Fourth Octet Match(es): 0-255




Richard Burts Tue, 02/12/2008 - 11:21

Marlon


There are a few things in your post that need some clarification. You ask about 150.59.228.101/24, and if you really want /24 then any address in the fourth octet would be included and it would be written as 150.59.228.0/24. And if you really want the specific host address of 150.59.228.101 then it is a /32.


I am not clear how you came up with the matches in the third octet that you mention. And I do not believe that the mask of 0.0.192.255 will produce the results that you want. If you really want /24 then it should be written as permit ip any 150.59.228.0 0.0.0.255, and if you really want the address 150.59.228.101 then it would be written as permit ip any 150.59.228.101 0.0.0.0


HTH


Rick

Rick Morris Wed, 02/13/2008 - 12:35

Yes, the ACL is wrong for use with wildcards.

What you need to allow the entire /24 is

permit ip any 150.59.228.0 0.0.0.255


If you want just the host you specified above, then:


permit ip any host 150.59.228.101


If there is something you need in a larger block then it would be something entirely different.


We would need to know the subnet you are wanting in order to provide the correct wildcard mask.
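
The wildcard arithmetic discussed in this thread, as an added example that is not part of the original posts: a wildcard bit of 1 means "ignore this bit", so an address matches when it equals the entry's address on every bit where the wildcard is 0. The function names are illustrative; the addresses and masks are the ones quoted above.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """True if addr is matched by the ACL address/wildcard pair."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF  # bits that must be equal
    return (_to_int(addr) & care) == (_to_int(base) & care)

def octet_matches(base, wildcard, index):
    """Every value of octet `index` (0-3) that the entry accepts."""
    b = ipaddress.IPv4Address(base).packed[index]
    w = ipaddress.IPv4Address(wildcard).packed[index]
    care = ~w & 0xFF
    return [v for v in range(256) if v & care == b & care]

def as_prefix(base, wildcard):
    """Equivalent CIDR network, or None when the wildcard is not a
    contiguous run of low-order 1 bits (i.e. not an inverted netmask)."""
    w = _to_int(wildcard)
    if w & (w + 1):  # not of the form 2**k - 1
        return None
    network = _to_int(base) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((network, 32 - w.bit_length()))

# Address/wildcard pairs quoted in the thread.
ENTRIES = [
    ("150.59.224.0", "0.0.192.255"),
    ("150.59.232.0", "0.0.192.255"),
    ("150.59.228.0", "0.0.0.255"),
    ("150.59.228.101", "0.0.0.0"),
]
TARGET = "150.59.228.101"

if __name__ == "__main__":
    for base, wc in ENTRIES:
        third = octet_matches(base, wc, 2)
        print(f"{base} {wc}")
        print(f"  third octet accepts : {third}")
        print(f"  CIDR equivalent     : {as_prefix(base, wc)}")
        print(f"  matches {TARGET}: {wildcard_match(TARGET, base, wc)}")
```

A `None` CIDR equivalent flags a discontiguous wildcard, which is worth reviewing in any ACL because it matches several scattered networks rather than one block.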
