
Standard ACL Wildcard Mask Optional?

hi all,

i was reading about standard ACL and came across that a standard ACL wildcard mask is optional? my understanding tells me that this could be true for classful IP. appreciate if someone can expound on this topic. below is an excerpt from what i've read. thanks in advance!

source-wildcard    (Optional) Wildcard bits to be applied to the source.
                   There are 2 ways to specify the source wildcard:
                     - Use a 32-bit quantity in 4-part, dotted-decimal format
                     - Use the keyword any as an abbreviation for a source and
                       source-wildcard of 0.0.0.0 255.255.255.255

5 REPLIES

Standard ACL Wildcard Mask Optional?

Hello John,

Based on logic I would say that it's optional when you are talking about a specific IP address (host); if you are talking about a subnet you will need to use a wildcard.

     Example:

               -Access-list 10 permit tcp 192.168.15.2 (will permit traffic just for 192.168.15.2/)

               -Access-list 10 permit tcp 192.168.10.0 0.0.0.255 (will permit traffic for that subnet)

That's what they mean by saying it's optional.

Please rate helpful posts.

Kind regards,

Julio!!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Re: Standard ACL Wildcard Mask Optional?

hi julio,

thanks for the feedback! i do get it for the host ACL, but how about a classful network? or is it safe to assume that the router knows or accepts a default wildcard mask? example would be as below:

Router(config)#access-list 10 permit 192.168.15.0

i also wanted to correct on your syntax:

Router(config)#access-list 10 permit host 192.168.15.2

Standard ACL Wildcard Mask Optional?

Hello John,

Correct, I saw that I forgot the keyword host.

Regarding your question, again if you are using a subnet (not a host) you will need to use the wildcard. The wildcard is optional because you can instead use the keyword host (1 IP address) or the keyword any (any IP address).

Do you see it now?

Regards,

Please rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
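
An added example, not part of the thread and not Cisco's code: a small Python model of how a standard ACL source is matched, covering `host`, `any`, an explicit wildcard, and the omitted-wildcard entry from John's question. It assumes the documented IOS behavior that an omitted wildcard is treated as 0.0.0.0, so `permit 192.168.15.0` matches only that one address and not the whole /24; the function names and sample ACLs are constructed for illustration.

```python
import ipaddress

def parse_source(tokens):
    """Return (address, wildcard) as ints for the source part of an entry."""
    if tokens[0] == "any":            # any == 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":           # host A.B.C.D == A.B.C.D 0.0.0.0
        return int(ipaddress.IPv4Address(tokens[1])), 0
    addr = int(ipaddress.IPv4Address(tokens[0]))
    # Assumption (IOS behavior): omitted wildcard means 0.0.0.0, one address
    wild = int(ipaddress.IPv4Address(tokens[1])) if len(tokens) > 1 else 0
    return addr, wild

def parse_entry(line):
    """Parse 'access-list <n> permit|deny <source> [source-wildcard]'."""
    words = line.split()
    if len(words) < 4 or words[0].lower() != "access-list" \
            or words[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    addr, wild = parse_source(words[3:])
    return words[2], addr, wild

def matches(addr, wild, packet_src):
    """Wildcard bit 0 means 'must match', bit 1 means 'ignore'."""
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(packet_src)) & care) == (addr & care)

def evaluate(acl_lines, packet_src):
    """First matching entry wins; an implicit deny ends every ACL."""
    for line in acl_lines:
        action, addr, wild = parse_entry(line)
        if matches(addr, wild, packet_src):
            return action
    return "deny"

# Constructed sample ACLs using addresses from the thread
NO_WILDCARD = ["access-list 10 permit 192.168.15.0"]
WITH_WILDCARD = ["access-list 10 permit 192.168.15.0 0.0.0.255"]
HOST = ["access-list 10 permit host 192.168.15.2"]
ANY = ["access-list 10 permit any"]

if __name__ == "__main__":
    for name, acl in [("no wildcard", NO_WILDCARD), ("0.0.0.255", WITH_WILDCARD),
                      ("host", HOST), ("any", ANY)]:
        print(f"{name:12} 192.168.15.7 -> {evaluate(acl, '192.168.15.7')}")
```

When auditing a configuration, an entry with a network address and no wildcard is worth flagging, because it permits or denies far less than its author probably meant.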

Re: Standard ACL Wildcard Mask Optional?

Hi Julio,

I gotcha. Thanks!

Sent from Cisco Technical Support iPhone App

Standard ACL Wildcard Mask Optional?

Hello John,

My pleasure...

Any other question just let me know.

Kind regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC