Standard ACL Wildcard Mask Optional?

Answered Question
Dec 15th, 2011

Hi all,


I was reading about standard ACLs and came across that a standard ACL wildcard mask is optional? My understanding tells me that this could be true for classful IP. I'd appreciate it if someone could expound on this topic. Below is an excerpt from what I've read. Thanks in advance!


source-wildcard    (Optional) Wildcard bits to be applied to the source.
                   There are 2 ways to specify the source wildcard:
                     - Use a 32-bit quantity in 4-part, dotted-decimal format
                     - Use the keyword any as an abbreviation for a source and
                       source-wildcard of 0.0.0.0 255.255.255.255


Overall Rating: 4.5 (3 ratings)
Julio Carvajal Thu, 12/15/2011 - 21:27

Hello John,


Based on logic, I would say that it's optional when you are talking about a specific IP address (host); if you are talking about a subnet, you will need to use a wildcard.


Example:

     - Access-list 10 permit tcp 192.168.15.2 (will permit traffic just for 192.168.15.2/)
     - Access-list 10 permit tcp 192.168.10.0 0.0.0.255 (will permit traffic for that subnet)


That's what they mean by saying it's optional.


Please rate helpful posts.


Kind regards,


Julio!!!

johnlloyd_13 Thu, 12/15/2011 - 23:26

Hi Julio,


Thanks for the feedback! I do get it for the host ACL, but how about a classful network? Or is it safe to assume that the router knows or accepts a default wildcard mask? An example would be as below:


Router(config)#access-list 10 permit 192.168.15.0


I also wanted to correct your syntax:


Router(config)#access-list 10 permit host 192.168.15.2

Correct Answer
Julio Carvajal Fri, 12/16/2011 - 06:58

Hello John,


Correct, I saw that I forgot the keyword host.


Regarding your question, again, if you are using a subnet (not a host) you will need to use the wildcard. The wildcard is optional because you can use instead the keyword host (1 IP address) or the keyword any (any IP address).


Do you see it now?



Regards,


Please rate helpful posts.



Julio
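
The matching rules discussed in this thread, as an added example that is not part of the original posts: a small Python model of how a standard ACL entry is evaluated, assuming (as Cisco IOS does) that an omitted source-wildcard is treated as 0.0.0.0, i.e. a single host rather than a classful network, and that every ACL ends with an implicit deny. The function names and the sample ACL are constructed for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' (standard ACL form only)."""
    tok = line.split()
    if len(tok) < 4 or tok[0].lower() != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, rest = tok[2], tok[3:]
    if rest == ["any"]:                       # any == 0.0.0.0 255.255.255.255
        src, wild = "0.0.0.0", "255.255.255.255"
    elif len(rest) == 2 and rest[0] == "host":
        src, wild = rest[1], "0.0.0.0"        # host == exactly one address
    elif len(rest) == 1:
        src, wild = rest[0], "0.0.0.0"        # assumption: omitted wildcard -> 0.0.0.0
    elif len(rest) == 2:
        src, wild = rest                      # explicit wildcard, e.g. 0.0.0.255
    else:
        raise ValueError(f"unexpected tokens in: {line!r}")
    return action, int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(wild))

def evaluate(acl_lines, source_ip):
    """Return the action of the first matching entry, or the implicit 'deny'."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        action, src, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF             # wildcard bit 1 = ignore, 0 = must match
        if (ip & care) == (src & care):
            return action
    return "deny"                             # implicit deny at the end of every ACL

# Constructed sample ACL built from the entries quoted in the thread.
SAMPLE_ACL = [
    "access-list 10 permit 192.168.15.0",            # no wildcard: matches one address
    "access-list 10 permit host 192.168.15.2",
    "access-list 10 permit 192.168.10.0 0.0.0.255",  # whole 192.168.10.x range
]

if __name__ == "__main__":
    for probe in ("192.168.15.0", "192.168.15.7", "192.168.15.2", "192.168.10.200"):
        print(probe, evaluate(SAMPLE_ACL, probe))
```

An entry written without a wildcard on what looks like a network address therefore permits only that one address, so other hosts in 192.168.15.x fall through to the implicit deny.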

johnlloyd_13 Fri, 12/16/2011 - 15:56

Hi Julio,


I gotcha. Thanks!


Sent from Cisco Technical Support iPhone App

Julio Carvajal Fri, 12/16/2011 - 16:02

Hello John,


My pleasure...


Any other question just let me know.


Kind regards,


Julio
