Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Basic ACL Question...

Hello All,

While going through NAT Chapter I came across a VERY BASIC doubt about Access Control List (ACL). They used ACL to match the source address 10.0.0.0 /24. At one place they used following ACL to explain SIMPLE NAT:

#access-list 1 permit 10.0.0.1 0.0.0.255

and at another place they used following ACL to explain STATIC NAT (where only 10.0.0.1 is STATICed):

#access-list 1 permit 10.0.0.0 0.0.0.255

Now I got a basic doubt that whats the difference between the two access-list commands WITH RESPECT TO 10.0.0.1.

Hope someone can help me to stress on my GREY cells.

regards,

-v. k. s.

1 REPLY

Re: Basic ACL Question...

These are indeed two different ways of writing the same access-list.

In: #access-list 1 permit 10.0.0.1 0.0.0.255, the last digit of the IP adress is irrelevant, as it falls within the wildcard boundary.

You can check this by doing a sh run or sh access-list. The last digit will be ignored by the IOS and you will see: #access-list 1 permit 10.0.0.0 0.0.0.255

The access-list to permit only 10.0.0.1would be :

#access-list 1 permit 10.0.0.1

92
Views
0
Helpful
1
Replies
CreatePlease to create content