New Member

Access-list

Hello,

Very basic question, which is throwing me off.

We never use this in a production environment. But when we have an access-list like the following:

access-list 1 permit 0.0.0.0 255.255.255.255

This means we are allowing any host (0.0.0.0), and what is confusing me is 255.255.255.255 (does this mean any subnet?).

Usually in an access-list we use an inverse mask, so if it's /24 our statement would be something like this:

access-list 1 permit 0.0.0.0 0.0.0.255 and this would translate to any host (0.0.0.0) with a subnet of /24.

But 0.0.0.0 255.255.255.255: correct me if my understanding is correct. This would translate to any host with any subnet mask.

Thanks

2 REPLIES
Bronze

Re: Access-list

access-list 1 permit 0.0.0.0 255.255.255.255 means you permit any host/subnet.

Inverse masks are used to identify the range of networks/hosts to be allowed through. Say acl 5 permit ip 192.168.200.0 0.0.0.255 will indicate allow only networks with 192.168.200 and with hosts in the range between 0-255 only.

In essence, all 0's in the wildcard portion indicate the corresponding network bit (192.168.200) must be an exact match, and any 255 (which is binary 1) in the wildcard means permit any host in the 0 to 255 range.

Instead of your acl access-list 1 permit 0.0.0.0 255.255.255.255, you can indicate it as

acl 1 permit any also. Both serve the same task.

Please rate/mark if this helps!!!
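The wildcard rule described in the reply above (0 bits must match, 1 bits are ignored), as an added Python example that is not part of the original thread. The function names are hypothetical and the sample addresses are constructed; it also shows that the question's `0.0.0.0 0.0.0.255` entry covers only 0.0.0.0 through 0.0.0.255, not every /24.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(address, wildcard, packet_src):
    """True if packet_src matches a standard ACL entry 'address wildcard'.

    A 0 bit in the wildcard means the bit must match the entry's address;
    a 1 bit means the bit is ignored.
    """
    care = ~_to_int(wildcard) & MASK32          # bits that must match
    return (_to_int(address) & care) == (_to_int(packet_src) & care)

def describe(address, wildcard):
    """Return (coverage, number_of_addresses) for an address/wildcard pair."""
    wc = _to_int(wildcard)
    base = _to_int(address) & ~wc & MASK32      # ignored bits zeroed
    count = 1 << bin(wc).count("1")             # 2^(ignored bits)
    if wc & (wc + 1) == 0:                      # ones only at the low end
        prefix = 32 - wc.bit_length()
        return f"{ipaddress.IPv4Address(base)}/{prefix}", count
    return f"{ipaddress.IPv4Address(base)} non-contiguous {wildcard}", count

def is_permit_any(wildcard):
    """True when the entry ignores every bit, i.e. is equivalent to 'any'."""
    return _to_int(wildcard) == MASK32

if __name__ == "__main__":
    # Entries taken from the thread; test sources are constructed samples.
    entries = [
        ("0.0.0.0", "255.255.255.255"),
        ("192.168.200.0", "0.0.0.255"),
        ("0.0.0.0", "0.0.0.255"),
    ]
    sources = ["10.1.2.3", "192.168.200.77", "192.168.201.77", "0.0.0.9"]
    for addr, wc in entries:
        cover, n = describe(addr, wc)
        tag = " (same as 'any')" if is_permit_any(wc) else ""
        print(f"{addr} {wc}: {cover}, {n} addresses{tag}")
        for src in sources:
            print(f"    {src:<16} match={acl_matches(addr, wc, src)}")
```

When reviewing a configuration, an entry for which `is_permit_any` is true deserves the same scrutiny as an explicit `any`.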

Re: Access-list

Unfortunately, he posted the question twice (8 min. apart), and already received his answer.
