How to configure an inverse mask for ACLs

Document

Jun 22, 2009 4:07 PM
Jun 22nd, 2009

Resolution

Masks are used with IP addresses in IP Access Control Lists (ACLs) to specify what should be permitted and denied.

Masks to configure IP addresses on interfaces start with 255 and have the large values on the left side (for example, IP address 209.165.202.129 with a 255.255.255.224 mask).

Masks for IP ACLs are the reverse (for example, mask 0.0.0.255). This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A 0 indicates that the address bits must be considered (exact match). A 1 in the mask is a "don't care."

The ACL inverse mask is determined by subtracting the normal mask from 255.255.255.255.

For more information, refer to the Masks section of the Configuring IP Access Lists document.

Type of Filtering

Access lists / Packet filtering

Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted June 22, 2009 at 4:07 PM
Stats:
Comments:0 Avg. Rating:0
Views:1520 Contributors:0
Shares:0

Related Content

Documents Leaderboard