Re: access lists

carl_townshend · ‎11-28-2006

Hi all, on an access list , what woulf wildcard 0.0.0.15 mean ?

Collin Clark · ‎11-28-2006

http://www.rhyshaden.com/ipadd.htm

icabrera · ‎11-28-2006

Hi, the wildcard tells what bits you want to ignore (bit set to 1) or not (bit set to 0) in a access-list.

For example, if you have 172.20.12.10 0.0.0.255, these means that with your access-list you are looking for all the addresses from 172.20.12.0 to 172.20.12.255 (you don't mind your last 8 bits)

With 0.0.0.15 you don't mind last four bits.

Next url can be useful for you:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_feature_guide09186a0080080edd.html#xtocid9

Regards

Hope this helps, if so pls rate post

sourabhagarwal · ‎11-28-2006

Hi Carl,

wild card 0.0.0.15 means that you are creating ACL for source or/and destination network whose subnet mask is 255.255.255.240

for e.g, you want to restrict machines in 10.0.0.0/28 (/28=255.255.255.240) subnet to access anything, then your ACl would look like this.

access-list 110 deny ip 10.0.0.0 0.0.0.15 any

rate if it helps or let me know if you any question.

carl_townshend · ‎11-30-2006

so all you do is minus the mask from 255 ?

Collin Clark · ‎11-30-2006

No that will not work. Please review the website I provided, it explains how to calculate it.

sourabhagarwal · ‎12-01-2006

to find wild card mask, you need to subtract subnet mask from 255.255.255.255

so for e.g if you want to find out wild card mask for 255.255.255.240 subnet mask, you will do 255.255.255.255 - 255.255.255.240 = 0.0.0.15 (wild card mask)

there are other ways too to calculate wild card mask .... depends which one you find easier to work with ....

hope it help ... rate if it does ...