
Access-list

shassan655
Level 1

Hello,

Very basic question, which is throwing me off.

We never use this in a production environment. But when we have an access-list like the following:

access-list 1 permit 0.0.0.0 255.255.255.255

This means we are allowing any host (0.0.0.0), and what is confusing me is 255.255.255.255 (does this mean any subnet?).

Usually in an access-list we use an inverse mask, so if it's /24 our statement would be something like this:

access-list 1 permit 0.0.0.0 0.0.0.255 and this would translate to any host (0.0.0.0) with a subnet of /24.

But 0.0.0.0 255.255.255.255... correct me if my understanding is correct. This would translate to any host with any subnet mask.

Thanks

2 Replies

foxbatreco
Level 3

access-list 1 permit 0.0.0.0 255.255.255.255 means you permit any host/subnet.

Inverse masks are used to identify the range of networks/hosts to be allowed through. Say, acl 5 permit ip 192.168.200.0 0.0.0.255 will indicate allow only networks with 192.168.200 and with hosts in the range between 0-255 only.

In essence, all 0's in the wildcard portion indicate the corresponding network bit (192.168.200) must be an exact match, and any 255 (which is binary 1) in the wildcard means permit any host in the 0 to 255 range.

Instead of your acl access-list 1 permit 0.0.0.0 255.255.255.255, you can indicate it as

acl 1 permit any also. Both serve the same task.

Please rate/mark if this helps!!!
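The wildcard-mask rule discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of how a standard ACL entry matches a source address, run against the three address/wildcard pairs quoted above. The function names and the test addresses are assumptions made for illustration; this models only the bitwise match and top-down evaluation, not IOS itself.

```python
import ipaddress

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def acl_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard means that bit of addr must equal the
    same bit of base; a 1 bit means the bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def first_match(acl, addr: str) -> str:
    """Evaluate entries top-down; fall through to the implicit deny."""
    for action, base, wildcard in acl:
        if acl_match(addr, base, wildcard):
            return action
    return "deny"

def wildcard_for_prefix(prefixlen: int) -> str:
    """Inverse of the subnet mask for a prefix length (/24 -> 0.0.0.255)."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefixlen}").hostmask)

# The three address/wildcard pairs that appear in the thread.
PERMIT_ANY = [("permit", "0.0.0.0", "255.255.255.255")]
ONE_SUBNET = [("permit", "192.168.200.0", "0.0.0.255")]
ZERO_NET = [("permit", "0.0.0.0", "0.0.0.255")]

# Constructed sample source addresses.
SAMPLES = ["10.1.2.3", "192.168.200.77", "192.168.201.5", "0.0.0.9"]

def audit(acl):
    """Return {address: action} for every sample address."""
    return {a: first_match(acl, a) for a in SAMPLES}

if __name__ == "__main__":
    for name, acl in [("0.0.0.0 255.255.255.255", PERMIT_ANY),
                      ("192.168.200.0 0.0.0.255", ONE_SUBNET),
                      ("0.0.0.0 0.0.0.255", ZERO_NET)]:
        print(name)
        for addr, action in audit(acl).items():
            print(f"  {addr:<16} {action}")
```

In this model `0.0.0.0 0.0.0.255` permits only sources 0.0.0.0 through 0.0.0.255, because the first three octets of the wildcard are all "must match" bits; only the all-ones wildcard ignores every bit of the address.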

Unfortunately, he posted the question twice (8 min. apart), and already received his answer.
