02-25-2008 08:43 AM - edited 03-11-2019 05:08 AM
Hi,
I'm pretty new to using Cisco routers; the guy who was in charge of this left and I'm supposed to take care of our Cisco 2811.
I'm trying to add a rule that allows unrestricted access from the whole subnet 192.168.0.0 /255.255.0.0 to a certain range of IPs, for example: 65.110.162.168 /29 (255.255.255.248)
I'm using Cisco SDM for this.
I'm able to add the rule and apply changes, but after I do a "Write to startup config" the rule changes automatically to a different IP, like 1.0.0.0 or 5.0.0.0, and the subnet remains unchanged.
The rule looks like this:
Source: A Network = 192.168.0.0
Wildcard mask = 0.0.255.255
Destination: A Network = 65.110.162.168
Wildcard mask = 248.255.255.255
Protocol and Service: TCP
I have no idea what is happening and I would appreciate your help on this.
Thanks in advance.
Adrian
02-25-2008 10:00 AM
Adrian
Are you entering the wildcard mask of 248.255.255.255, or is that what the SDM is entering for you?
If it is you, that is an incorrect wildcard mask. It needs to be
0.0.0.7
HTH
Jon
02-25-2008 10:51 AM
I'm entering the wildcard mask. Why should it be 0.0.0.7? I'll have to create multiple rules that have different kinds of masks, so I need to understand why it is like that.
Thank you for your answer....
Adrian
02-25-2008 11:01 AM
Adrian
Routers use inverse masks in access-lists so
192.168.0.0 subnet mask = 255.255.0.0
Subnet mask means the first 2 octets must match ie. 192.168.
The 3rd and 4th octet can be anything.
65.110.162.168 subnet mask 255.255.255.248
1st, 2nd, 3rd octet must match and only the last 3 bits in the last octet will change ie.
128 64 32 16 8 4 2 1
  1  1  1  1 1 0 0 0 = 248
Last 3 bits ie. 4 + 2 + 1 = 7
Now an inverse mask is just the opposite of a subnet mask so
192.168.0.0 255.255.0.0 =
192.168.0.0 0.0.255.255
That one is easy because you just change 0 to 255 and 255 to 0
65.110.162.168 255.255.255.248 =
65.110.162.168 0.0.0.7 (7 because of the explanation above).
Now if that has totally confused you here is a quick way to do it
Whenever you see 255 change it to 0 and vice-versa.
Then
256 - 248 = 8 - 1 = 7
so 255.255.255.248 = 0.0.0.7
In the same way a subnet mask of 255.255.255.192 =
256 - 192 - 1 = 63 so inverse mask =
0.0.0.63
HTH
Jon
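Added example, not part of the original thread: a short Python check of the inverse-mask rule explained above, which also shows why the entry from the first post turned into 1.0.0.0. It assumes the router stores an ACL address with its don't-care bits (wildcard bit = 1) cleared; the function names are hypothetical.

```python
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_from_netmask(netmask):
    """Invert every bit of the subnet mask: 255.255.255.248 -> 0.0.0.7."""
    return to_dotted(to_int(netmask) ^ 0xFFFFFFFF)


def is_inverse_of_netmask(wildcard):
    """True when the wildcard is a run of 0 bits followed by a run of 1 bits."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0


def stored_address(address, wildcard):
    """Assumption: don't-care bits of the address are cleared when saved."""
    return to_dotted(to_int(address) & ~to_int(wildcard) & 0xFFFFFFFF)


def addresses_matched(wildcard):
    """Each wildcard bit set to 1 doubles the number of matching addresses."""
    return 2 ** bin(to_int(wildcard)).count("1")


def review_entry(address, wildcard):
    """Summarise what an ACL entry with this address/wildcard really covers."""
    return {
        "stored_as": stored_address(address, wildcard),
        "inverse_of_netmask": is_inverse_of_netmask(wildcard),
        "addresses_matched": addresses_matched(wildcard),
    }


if __name__ == "__main__":
    dest = "65.110.162.168"  # destination from the first post
    for wc in ("248.255.255.255", wildcard_from_netmask("255.255.255.248")):
        print(dest, wc, review_entry(dest, wc))
```

With the mistyped wildcard the entry covers 2^29 destinations instead of the intended 8, so a check like `is_inverse_of_netmask` is worth running over any hand-entered ACL.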
02-25-2008 11:07 AM
Thanks a lot.....that makes sense for me.
Adrian