Cisco Support Community
New Member

ACL- Inverse Mask

Hello,

I have a server with IP address 172.22.94.224/22 and an ACL statement in one of the ASAs as follows "access-list 145 permit ip 172.22.94.224 0.0.0.31 any"

I got confused by the inverse mask address (0.0.0.31) and I would like some clarification.

Much appreciated.

Best, ~sK

1 ACCEPTED SOLUTION

VIP Purple

Re: ACL- Inverse Mask

0.0.0.31 is a mask that has 27 bits set to 0 (match) and five bits set to one (don't match). With that mask in the ACL you allow 32 addresses, in your case from 172.22.94.224 to 172.22.94.255.

Wildcard masks are explained very well in the Wikipedia article: http://en.wikipedia.org/wiki/Wildcard_mask


Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
3 REPLIES
VIP Purple

Re: ACL- Inverse Mask

If that is really an ACL from an ASA, then it's probably wrong, as the ASA doesn't use the inverse wildcard mask. The router wildcard mask of 0.0.0.31 would be 255.255.255.224 on the ASA.




--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

ACL- Inverse Mask

Sorry, the inv mask is on the 4507, not the ASA. My question is what does this statement "access-list 145 permit ip 172.22.94.224 0.0.0.31" mean?

Best, ~sK

VIP Purple

Re: ACL- Inverse Mask

0.0.0.31 is a mask that has 27 bits set to 0 (match) and five bits set to one (don't match). With that mask in the ACL you allow 32 addresses, in your case from 172.22.94.224 to 172.22.94.255.

Wildcard masks are explained very well in the Wikipedia article: http://en.wikipedia.org/wiki/Wildcard_mask




--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
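
The wildcard-mask arithmetic from the replies above, as an added example that is not part of the original thread. The function names are illustrative; the addresses are the ones quoted in the posts, and the 0.0.1.31 mask is constructed to show the non-contiguous case that a subnet mask cannot express.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))

def wildcard_matches(acl_addr: str, wildcard: str, candidate: str) -> bool:
    """Router ACL semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~to_int(wildcard) & ALL_ONES
    return (to_int(acl_addr) & care) == (to_int(candidate) & care)

def wildcard_to_netmask(wildcard: str) -> str:
    """Bitwise inverse: the subnet-mask form used on the ASA."""
    return to_str(~to_int(wildcard) & ALL_ONES)

def is_contiguous(wildcard: str) -> bool:
    """True when the mask is 0...01...1, i.e. equivalent to a prefix."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def match_count(wildcard: str) -> int:
    """Each ignored bit doubles the number of matching addresses."""
    return 2 ** bin(to_int(wildcard)).count("1")

def matched_range(acl_addr: str, wildcard: str):
    """(first, last, count) for a contiguous wildcard mask."""
    if not is_contiguous(wildcard):
        raise ValueError("non-contiguous wildcard: matches are not one range")
    w = to_int(wildcard)
    first = to_int(acl_addr) & ~w & ALL_ONES
    return to_str(first), to_str(first | w), w + 1

if __name__ == "__main__":
    addr, wc = "172.22.94.224", "0.0.0.31"
    print("range  :", matched_range(addr, wc))
    print("netmask:", wildcard_to_netmask(wc))
    # The server sits in a /22 (1024 addresses); the ACL covers only 32 of them.
    subnet = ipaddress.ip_network("172.22.94.224/22", strict=False)
    print("subnet :", subnet, subnet.num_addresses, "addresses")
    for host in ("172.22.94.240", "172.22.94.223", "172.22.92.1"):
        print(host, "->", wildcard_matches(addr, wc, host))
    # Constructed non-contiguous mask: 64 matches split across two blocks.
    print("0.0.1.31 contiguous:", is_contiguous("0.0.1.31"),
          "count:", match_count("0.0.1.31"))
```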