Cisco Support Community

New Member

ACL

Hi

The following example permits 192.108.0.0/16 only

access-list 101 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0

but it is recognised by ISO like this

access-list 101 permit ip host 192.108.0.0 host 255.255.0.0

ISO 12.2T ( C2600, C3600)

Does anybody have any idea?

2 REPLIES

Re: ACL

hi

The ACL has to be changed like this:

access-list 101 permit ip 192.108.0.0 0.0.255.255 any

As per your statement, 192.108.0.0 0.0.0.0 matches all the bits of the address and takes it as a single host.

The same thing is happening for the next statement, which is again 255.255.0.0 0.0.0.0, which is again matching all the bits and treating it as a simple single host.

Also, the mask value in ACL statements differs from the one in the ip route statement.

In ACLs, all zeros basically tells that all 4 octets have to match the defined value.

All 1s (which is 255) will be the other way around and will permit all the hosts by default without checking.

So this statement with 192.108.0.0 0.0.255.255 will check the first 2 octets, which are 192 and 108, and won't check anything else in the 3rd octet or the 4th octet.

Once the values of the first 2 octets are confirmed within the defined value it will permit; if they are not, it will drop the packet because of the default implicit deny command after each and every ACL statement.

regds
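Added example, not part of the original posts and not Cisco code: a small Python model of the wildcard-mask matching described in the reply above, run against the two ACL lines from this thread. The function names and the sample packet addresses are constructed for illustration, and the parser assumes only the `permit|deny ip` form with `address wildcard`, `host` or `any` specs.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_spec(tokens):
    # One address spec: 'any', 'host A' or 'A WILDCARD' -> (base, wildcard, rest)
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return to_int(tokens[1]), 0, tokens[2:]
    return to_int(tokens[0]), to_int(tokens[1]), tokens[2:]

def parse_entry(line):
    # Handles only: access-list N permit|deny ip SRC-SPEC DST-SPEC
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny") or t[3] != "ip":
        raise ValueError("unsupported entry: " + line)
    src_base, src_wild, rest = parse_spec(t[4:])
    dst_base, dst_wild, rest = parse_spec(rest)
    if rest:
        raise ValueError("trailing tokens: " + " ".join(rest))
    return t[2], (src_base, src_wild), (dst_base, dst_wild)

def wildcard_match(addr, base, wildcard):
    # A 0 bit in the wildcard means "must match"; a 1 bit means "don't care".
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(acl_lines, src, dst):
    # First matching entry decides; if nothing matches, the packet is denied.
    for line in acl_lines:
        action, (sb, sw), (db, dw) = parse_entry(line)
        if wildcard_match(to_int(src), sb, sw) and wildcard_match(to_int(dst), db, dw):
            return action
    return "deny"

def netmask_to_wildcard(mask):
    # The wildcard is the bitwise inverse of the subnet mask used in ip route.
    return str(ipaddress.IPv4Address(~to_int(mask) & 0xFFFFFFFF))

ORIGINAL = ["access-list 101 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0"]
CORRECTED = ["access-list 101 permit ip 192.108.0.0 0.0.255.255 any"]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("corrected", CORRECTED)):
        # Constructed sample packet: a host inside 192.108.0.0/16 to an arbitrary destination
        print(name, evaluate(acl, "192.108.5.9", "10.1.1.1"))
```

Parsing the original line gives the same entry as the `host 192.108.0.0 host 255.255.0.0` form the router displayed, which is why the two are interchangeable.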

New Member

Re: ACL

Hi, spremkumar

I think you need this link...

http://www.cisco.com/warp/public/459/22.html

thanks
