we have extended access-list to meet the
Allow IP packets sourced from a host with address 172.16.10.1 destined for subnet 22.214.171.124 255.255.255.0.
Deny any other IP packets that are destined for the same destination subnet of 126.96.36.199.
Permit all other IP packets.
One access list that meets these requirements follows:
access-list 101 permit ip 172.16.10.1 0.0.0.0 188.8.131.52 0.0.0.255
access-list 101 deny ip 0.0.0.0 255.255.255.255 184.108.40.206 0.0.0.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
can someone explain we why on access-list
2 we have 0.0.0.0 for source IP and
255.255.255.255 for wildcard mask
With an inverse mask used in IOS access-list 255 means "don't care" or to put it another way 255 can match anything.
0.0.0.0 as an IP address means it can match any address.
So your second and third lines in your acl could be written
access-list 101 deny ip any 220.127.116.11 0.0.0.255
access-list 101 permit ip any any
which is a lot more straightforward IMHO.