You made a misconfiguration and the router did "exactly" what you told it to do. When you put the mask as 255.255.255.0 then the ACL determined that nothing in the first 3 octets must match. So even though you input the ACL with numbers in the first 3 octets the IOS determined that the appropriate value in the first 3 octets was 0, since the mask says that they do not matter. Then the 4th octet where your mask says that it does matter, you input with 0 in the 4th octet.
So I would say that yes it is "normal" the IOS followed its normal logic of how to interpret the mask of ACL and did exactly what you told it to do. Except that is not what you WANTED it to do. But it is what you told it to do.
There is a difficult decision to determine whether the command line command that was input was a conceptual mistake or whether the person was attempting to accomplish some subtle distinction. Most of the time the IOS just accepts the configuration statement and that is what happened in your situation.
Every time that I am running Windows software and attempt to do something and Windows changes it (because it thinks that it knows better what is logical) I am reminded of the dangers of overriding the user input.
I only ask for any IOS "warning message", because I know the way to put a "dont care" bit on the network address, and believe me, in this case I didnt want that result. It was only a simple sintaxis error, but I never thought that IOS could change the three first octets!!.
In this particular case I wished IOS send me a "warning message" (like IOS do with a duplicated IP address on interface configuration).
What is the logical intention to put any number greater than zero on any address octet if on the wildcard mask octet by octet I put 255??
If as you says "most of the time the IOS accepts the configuration" , Its all right, but as I typed it or simply do not accept the command line.
What you think?
Do you think it could be a way to improve and to ensure the ACLs use?
There are some dangers on normal ACLs use and application, this "warning message" could be more safe the ACLs, beginning with a sintaxis validation.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...