
Basic ACL Question...

Hello All,

While going through NAT Chapter I came across a VERY BASIC doubt about Access Control List (ACL). They used ACL to match the source address 10.0.0.0 /24. At one place they used following ACL to explain SIMPLE NAT:

#access-list 1 permit 10.0.0.1 0.0.0.255

and at another place they used following ACL to explain STATIC NAT (where only 10.0.0.1 is STATICed):

#access-list 1 permit 10.0.0.0 0.0.0.255

Now I got a basic doubt that what's the difference between the two access-list commands WITH RESPECT TO 10.0.0.1.

Hope someone can help me to stress on my GREY cells.

regards,

-v. k. s.

3 Replies

p-hogan
Level 1

Hi

#access-list 1 permit 10.0.0.1 0.0.0.255

and

#access-list 1 permit 10.0.0.0 0.0.0.255

both the above should allow all hosts on network 10.0.0.0

i.e. 10.0.0.1 to 10.0.0.255

this will happen because of the wild-card mask which is 0.0.0.255 (00000000.00000000.00000000.11111111) and therefore needs only to match the first 24 bits of the address and ignores the last 8 bits (in binary)

to get a specific host match, try this

#access-list 1 permit 10.0.0.1 0.0.0.0

Just for completeness netmask 0.0.0.0 can be abbreviated with the alias "host" which goes in front of the address. Therefore the list can also be written (and, if you enter what vijayendra said and then do a sho running you will see):

access-list 1 permit host 10.0.0.1

Fabio
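Added example, not part of the thread or of any Cisco code: a small Python model of wildcard-mask matching for standard ACL entries, showing why the two entries from the question select the same sources and how the `host` form differs. The function names are hypothetical, and the non-contiguous mask in the usage note goes beyond what the replies cover.

```python
import ipaddress

def _to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_ace(line):
    """Parse 'access-list N permit|deny ADDR WILDCARD' or '... host ADDR'.

    Returns (action, address_int, wildcard_int). A leading '#' prompt
    character, as used in the thread, is ignored.
    """
    tokens = line.strip().lstrip("#").split()
    if len(tokens) != 5 or tokens[0] != "access-list":
        raise ValueError("unsupported entry: %r" % line)
    action = tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: %r" % action)
    if tokens[3] == "host":
        # 'host A' is shorthand for 'A 0.0.0.0': every bit must match.
        addr, wildcard = tokens[4], "0.0.0.0"
    else:
        addr, wildcard = tokens[3], tokens[4]
    return action, _to_int(addr), _to_int(wildcard)

def matches(ace, source):
    """True if the source address is selected by the entry.

    A 1 bit in the wildcard means "don't care"; only the 0 bits are compared.
    """
    _, addr, wildcard = ace
    care = ~wildcard & 0xFFFFFFFF
    return (_to_int(source) & care) == (addr & care)

def canonical(ace):
    """Entry with the don't-care bits of the address zeroed.

    Two entries with the same canonical form select the same sources.
    """
    action, addr, wildcard = ace
    care = ~wildcard & 0xFFFFFFFF
    return (action,
            str(ipaddress.IPv4Address(addr & care)),
            str(ipaddress.IPv4Address(wildcard)))

if __name__ == "__main__":
    for entry in ("#access-list 1 permit 10.0.0.1 0.0.0.255",
                  "#access-list 1 permit 10.0.0.0 0.0.0.255",
                  "access-list 1 permit host 10.0.0.1"):
        print(entry, "->", canonical(parse_ace(entry)))
```

Because the comparison is bitwise, a wildcard does not have to be a contiguous block: `10.0.0.1 0.0.0.254` compares the lowest bit and so selects only odd-numbered hosts in 10.0.0.0/24.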

The two ACLs that you have posted have the same meaning in its own sense.

NAT that uses ACLs is dynamic and the one without ACLs is static.

If you want to create static translations (or permanent translations per host),

just use "ip nat inside source static local-ip global-ip".

Creating ACLs for static NAT will just waste cpu resources from the router.

So don't be confused about those two examples that you have seen. Cheers.

Hope this helps.
