Access-list match

Jun 15th, 2010

Hi

If the access list configured to match the packets used for NAT is as follows:



ip access-list ext abcd
 permit ip 10.1.1.0 0.0.0.32 any


Which packets will be matched?


If the wildcard mask is 0.0.0.31, things are normal.


Please share your experience.


thanks

Subodh

Richard Burts Tue, 06/15/2010 - 20:08

Subodh


As you should be aware, in the wildcard mask a binary 0 is a bit that must match and a binary 1 is a bit that may vary.

So in your mask of 0.0.0.32 the first 3 octets must match exactly (it must be 10.1.1). The mask of the fourth octet has a single binary 1. It may help to write out the 4th octet in binary (00100000). So for this mask there are exactly 2 values of the address that will match the mask. These values are 10.1.1.0 and 10.1.1.32.


As your comment indicates, this mask is quite unusual in an access list. It is much more common to have the mask be the inverse of common subnet masks (such as the mask .31 which is the inverse of mask 224).


HTH


Rick
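
The matching rule described in the answer above, as an added Python example that is not part of the original thread: it applies the wildcard comparison bit by bit, lists every address an entry matches, and flags wildcards that are not the inverse of a subnet mask. The function names are hypothetical, and the comparison logic is written from the rule stated in the answer (0 bit must match, 1 bit may vary).

```python
from ipaddress import IPv4Address

ALL_ONES = 0xFFFFFFFF

def wildcard_match(addr, base, wildcard):
    """True if addr matches 'base wildcard': bits where the wildcard is 0
    must equal the base address, bits where it is 1 are ignored."""
    care = ~int(IPv4Address(wildcard)) & ALL_ONES
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def matching_addresses(base, wildcard, max_bits=16):
    """List every address matched by 'base wildcard', in ascending order."""
    w = int(IPv4Address(wildcard))
    if bin(w).count("1") > max_bits:
        raise ValueError("too many wildcard bits to enumerate")
    fixed = int(IPv4Address(base)) & ~w & ALL_ONES
    found = []
    sub = w
    while True:                      # walk every subset of the wildcard bits
        found.append(fixed | sub)
        if sub == 0:
            break
        sub = (sub - 1) & w
    return [str(IPv4Address(a)) for a in sorted(found)]

def is_inverse_subnet_mask(wildcard):
    """True when the wildcard is a run of low-order 1 bits (2**n - 1),
    i.e. the inverse of a subnet mask such as 0.0.0.31 for 255.255.255.224."""
    w = int(IPv4Address(wildcard))
    return (w & (w + 1)) == 0

if __name__ == "__main__":
    # The two entries from the thread, used as sample input.
    for base, wc in (("10.1.1.0", "0.0.0.32"), ("10.1.1.0", "0.0.0.31")):
        hits = matching_addresses(base, wc)
        note = "" if is_inverse_subnet_mask(wc) else "  <-- non-contiguous, review"
        print(f"{base} {wc}: {len(hits)} address(es), "
              f"{hits[0]} .. {hits[-1]}{note}")
```

Running the contiguity check over the ACL entries used by NAT statements is a quick way to catch a mistyped mask before it silently narrows or widens what gets translated.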
