Access-list

Jun 16th, 2008

Hello,

Very basic question..which is throwing me off.


We never use this in Production environment. But when we have an access-list like following


access-list 1 permit 0.0.0.0 255.255.255.255


This means..we are allowing any host ( 0.0.0.0) and what is confusing me is 255.255.255.255.. ( Does this mean any subnet).


Usually in access-list we use inverse mask. so if it's /24 our statement would be something like this


access-list 1 permit 0.0.0.0 0.0.0.255 and this would translate to any host ( 0.0.0.0) with a subnet of /24.


But 0.0.0.0 255.255.255.255.. correct me if my understanding is correct. this would translate to any host with any subnet mask.


Thanks

foxbatreco Mon, 06/16/2008 - 14:37

access-list 1 permit 0.0.0.0 255.255.255.255 means you permit any host/subnet.

Inverse masks are used to identify the range of Networks/hosts to be allowed through. Say acl 5 permit ip 192.168.200.0 0.0.0.255 will indicate allow only networks with 192.168.200 and with hosts in the range between 0-255 only.

In essence..all 0's in the wildcard portion indicate the corresponding network bit ( 192.168.200) must be an exact match & any 255 ( which is binary 1) in wildcard means permit any host between 0 to 255 range.


Instead of your acl access-list 1 permit 0.0.0.0 255.255.255.255 ..you can indicate it as

acl 1 permit any also. Both serve the same task.


Pls rate/mark if this helps!!!
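An added example (not from the original thread) that checks the wildcard-mask rule above in code: wildcard bits of 0 must match exactly, wildcard bits of 1 are ignored, so 0.0.0.0 255.255.255.255 matches every address, exactly like the any keyword. It also evaluates a small ACL top-down with the implicit deny at the end; the entries and host addresses are constructed sample values.

```python
import ipaddress


def wildcard_matches(acl_addr: str, wildcard: str, host: str) -> bool:
    """True if `host` is covered by a Cisco-style `acl_addr wildcard` entry.

    A 0 bit in the wildcard means "this bit must match acl_addr";
    a 1 bit means "don't care". Wildcards need not be contiguous,
    unlike subnet masks, so the check is done bit by bit.
    """
    a = int(ipaddress.IPv4Address(acl_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    h = int(ipaddress.IPv4Address(host))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return (a & care) == (h & care)


def wildcard_from_prefix(prefix_len: int) -> str:
    """Inverse of a /prefix subnet mask, e.g. /24 -> 0.0.0.255, /0 -> 255.255.255.255."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask ^ 0xFFFFFFFF))


def evaluate_acl(acl, host: str) -> str:
    """First matching entry wins; an ACL with no match ends in an implicit deny."""
    for action, addr, wc in acl:
        if wildcard_matches(addr, wc, host):
            return action
    return "deny"


if __name__ == "__main__":
    # Constructed ACL: permit the 192.168.200.0/24 network, then match anything.
    acl = [
        ("permit", "192.168.200.0", "0.0.0.255"),
        ("deny", "0.0.0.0", "255.255.255.255"),   # same as "deny any"
    ]
    for host in ("192.168.200.77", "192.168.201.77"):
        print(host, "->", evaluate_acl(acl, host))
```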

michael.leblanc Mon, 06/16/2008 - 15:29

Unfortunately, he posted the question twice (8 min. apart), and already received his answer.

