Standard ACL Wildcard Mask Optional?

johnlloyd_13
Level 9

Hi all,

I was reading about standard ACLs and came across that a standard ACL wildcard mask is optional? My understanding tells me that this could be true for classful IP. I'd appreciate it if someone could expound on this topic. Below is an excerpt from what I've read. Thanks in advance!

source-wildcard   (Optional) Wildcard bits to be applied to the source.
                  There are 2 ways to specify the source wildcard:
                    - Use a 32-bit quantity in 4-part, dotted-decimal format
                    - Use the keyword any as an abbreviation for a source and
                      source-wildcard of 0.0.0.0 255.255.255.255

Julio Carvajal
VIP Alumni

Hello John,

Based on logic, I would say that it's optional when you are talking about a specific IP address (host); if you are talking about a subnet, you will need to use a wildcard.

     Example:

               -Access-list 10 permit tcp 192.168.15.2 ( will permit traffic just for 192.168.15.2/)

               -Access-list 10 permit tcp 192.168.10.0 0.0.0.255 ( will permit traffic for that subnet)

That's what they mean by saying it's optional.

Please rate helpful posts.

Kind regards,

Julio!!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

Thanks for the feedback! I do get it for the host ACL, but how about a classful network? Or is it safe to assume that the router knows or accepts a default wildcard mask? An example would be as below:

Router(config)#access-list 10 permit 192.168.15.0

I also wanted to correct your syntax:

Router(config)#access-list 10 permit host 192.168.15.2

Hello John,

Correct, I saw that I forgot the keyword host.

Regarding your question, again, if you are using a subnet (not a host) you will need to use the wildcard. The wildcard is optional because you can use instead the keyword host (1 IP address) or the keyword any (any IP address).

Do you see it now?

Regards,

Please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

I gotcha. Thanks!

Sent from Cisco Technical Support iPhone App

Hello John,

My pleasure...

Any other question just let me know.

Kind regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
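
The source matching discussed in this thread, as an added example that is not part of any poster's reply and is not Cisco code: a small evaluator for standard ACL entries that handles host, any, an explicit wildcard, and an omitted wildcard. It assumes IOS treats an omitted source-wildcard as 0.0.0.0 (exact match); the function names and the sample ACL, built from the thread's addresses, are constructed for illustration.

```python
import ipaddress

def _to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse 'access-list <n> permit|deny <source> [wildcard]'.

    Returns (action, address, wildcard) with address/wildcard as integers.
    """
    tokens = line.split()
    if len(tokens) < 4 or tokens[0].lower() != "access-list":
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, src = tokens[2].lower(), tokens[3:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line!r}")
    if src[0] == "any":                  # any == 0.0.0.0 255.255.255.255
        return action, 0, 0xFFFFFFFF
    if src[0] == "host":                 # host == wildcard 0.0.0.0
        return action, _to_int(src[1]), 0
    # Assumption: an omitted wildcard means 0.0.0.0, so the entry matches
    # exactly one address even if it looks like a network number.
    wildcard = _to_int(src[1]) if len(src) > 1 else 0
    return action, _to_int(src[0]), wildcard

def entry_matches(address, wildcard, packet_src):
    """Wildcard bits set to 1 are 'don't care'; all other bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (_to_int(packet_src) & care) == (address & care)

def evaluate(acl_lines, packet_src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, address, wildcard = parse_entry(line)
        if entry_matches(address, wildcard, packet_src):
            return action
    return "deny"

# Constructed sample ACL using the addresses from the thread.
SAMPLE_ACL = [
    "access-list 10 permit host 192.168.15.2",
    "access-list 10 permit 192.168.10.0 0.0.0.255",
    "access-list 10 permit 192.168.15.0",   # no wildcard: one address only
]

if __name__ == "__main__":
    for src in ("192.168.15.2", "192.168.10.77", "192.168.15.0", "192.168.15.9"):
        print(f"{src:15} -> {evaluate(SAMPLE_ACL, src)}")
```

Under that assumption, the last entry permits only the single address 192.168.15.0 and not the rest of 192.168.15.0/24, which is worth checking on the device with show access-lists when auditing an ACL written without wildcards.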