Unanswered Question
Jun 16th, 2008


Very basic question..which is throwing me off.

We never use this in Production environment. But when we have an access-list like following

access-list 1 permit

This means..we are allowing any host ( and what is confusing me is ( Does this mean any subnet).

Usually in access-list we use inverse mask. So if it's /24 our statement would be something like this

access-list 1 permit and this would translate to any host ( with a subnet of /24.

But correct me if my understanding is correct. This would translate to any host with any subnet mask.


foxbatreco Mon, 06/16/2008 - 14:37

access-list 1 permit means u permit any host/subnet.

Inverse masks are used to identify the range of Networks/hosts to be allowed through. Say acl 5 permit ip will indicate allow only networks with 192.168.200 and with hosts in the range between 0-255 only.

In essence..all 0's in the wildcard portion indicate the corresponding network bit ( 192.168.200) must be an exact match & any 255 ( which is binary 1) in wildcard means permit any host between 0 to 255 range.

Instead of ur acl access-list 1 permit ..u can indicate it as

acl 1 permit any also. Both serve the same task.

Pls rate/mark if this helps!!!
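
The wildcard matching described in the answer above, as an added example that is not part of the original posts: a small Python model of how a standard ACL compares a packet's source address against an entry. The ACL entries and addresses in it are constructed for illustration; the function names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' into (action, base, wildcard)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, src = tok[2], tok[3:]
    if src == ["any"]:
        return action, 0, ALL_ONES            # every bit is "don't care"
    if len(src) == 2 and src[0] == "host":
        return action, to_int(src[1]), 0      # every bit must match
    if len(src) == 1:
        return action, to_int(src[0]), 0      # no wildcard given: single host
    if len(src) == 2:
        return action, to_int(src[0]), to_int(src[1])
    raise ValueError(f"unexpected source field: {line!r}")

def matches(base, wildcard, addr):
    # Wildcard bit 0 = compare this bit, 1 = ignore it (the inverse of a netmask).
    care = ~wildcard & ALL_ONES
    return (to_int(addr) & care) == (base & care)

def evaluate(acl_lines, src_addr):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        if matches(base, wildcard, src_addr):
            return action
    return "deny"

# Constructed sample entries (not taken from the thread).
ACL_SUBNET = ["access-list 5 permit 192.168.200.0 0.0.0.255"]
ACL_ALL_WILD = ["access-list 1 permit 0.0.0.0 255.255.255.255"]
ACL_ANY = ["access-list 1 permit any"]

if __name__ == "__main__":
    for src in ("192.168.200.17", "192.168.201.17", "10.1.2.3"):
        print(src, evaluate(ACL_SUBNET, src), evaluate(ACL_ALL_WILD, src))
```

Only the source address in the packet is compared; a packet carries no subnet mask, so an all-ones wildcard matches every source regardless of how the sending network is subnetted.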

michael.leblanc Mon, 06/16/2008 - 15:29

Unfortunately, he posted the question twice (8 min. apart), and already received his answer.
