06-16-2008 08:50 AM - edited 03-05-2019 11:39 PM
Hello,
Very basic question, which is throwing me off.
We never use this in a production environment. But when we have an access-list like the following:
access-list 1 permit 0.0.0.0 255.255.255.255
This means we are allowing any host (0.0.0.0), and what is confusing me is 255.255.255.255. (Does this mean any subnet?)
Usually in an access-list we use an inverse mask, so if it's /24 our statement would be something like this:
access-list 1 permit 0.0.0.0 0.0.0.255 and this would translate to any host (0.0.0.0) with a subnet of /24.
But 0.0.0.0 255.255.255.255: correct me if my understanding is correct. This would translate to any host with any subnet mask.
Thanks
06-16-2008 02:37 PM
access-list 1 permit 0.0.0.0 255.255.255.255 means you permit any host/subnet.
Inverse masks are used to identify the range of networks/hosts to be allowed through. Say acl 5 permit ip 192.168.200.0 0.0.0.255 will indicate allow only networks with 192.168.200 and with hosts in the range between 0-255 only.
In essence, all 0's in the wildcard portion indicate the corresponding network bit (192.168.200) must be an exact match, and any 255 (which is binary 1) in the wildcard means permit any host in the 0 to 255 range.
Instead of your acl access-list 1 permit 0.0.0.0 255.255.255.255, you can indicate it as
acl 1 permit any also. Both serve the same task.
Please rate/mark if this helps!!!
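The wildcard-mask comparison discussed in this thread, written out as an added example (not code from any poster): a 0 bit in the wildcard means the address bit must equal the base, a 1 bit means it is ignored. The function names are hypothetical, and the entries are the ones quoted above; evaluation is first-match with the implicit deny at the end of an IOS access list.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """True if addr matches the ACL pair 'base wildcard'."""
    care = ~_u32(wildcard) & 0xFFFFFFFF       # bits that must equal base
    return (_u32(addr) ^ _u32(base)) & care == 0

def describe(base, wildcard):
    """Return (number of matching addresses, CIDR form or None)."""
    w = _u32(wildcard)
    ignored = bin(w).count("1")
    count = 2 ** ignored
    if w & (w + 1):        # ignored bits are not one contiguous low-order run
        return count, None
    network = _u32(base) & ~w & 0xFFFFFFFF
    return count, f"{ipaddress.IPv4Address(network)}/{32 - ignored}"

def evaluate(acl, addr):
    """First matching entry wins; no match falls through to implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action
    return "deny"

# Entries quoted in the thread
ANY = ("permit", "0.0.0.0", "255.255.255.255")
ZERO_24 = ("permit", "0.0.0.0", "0.0.0.255")
NET_200 = ("permit", "192.168.200.0", "0.0.0.255")

if __name__ == "__main__":
    # Constructed sample source addresses
    samples = ["10.1.2.3", "0.0.0.9", "192.168.200.77", "192.168.201.77"]
    for entry in (ANY, ZERO_24, NET_200):
        _, base, wc = entry
        count, cidr = describe(base, wc)
        hits = [s for s in samples if wildcard_match(s, base, wc)]
        print(f"{base} {wc}: {count} addresses, {cidr}, matches {hits}")
```

With base 0.0.0.0, the wildcard 0.0.0.255 matches only 0.0.0.0 through 0.0.0.255, while 255.255.255.255 ignores every bit and matches all sources.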
06-16-2008 03:29 PM
Unfortunately, he posted the question twice (8 min. apart), and already received his answer.