Cisco Support Community

New Member

Basic ACL Question...

Hello All,

While going through the NAT chapter I came across a VERY BASIC doubt about Access Control Lists (ACLs). They used an ACL to match the source address /24. At one place they used the following ACL to explain SIMPLE NAT:

#access-list 1 permit

and at another place they used the following ACL to explain STATIC NAT (where only is STATICed):

#access-list 1 permit

Now I got a basic doubt: what's the difference between the two access-list commands WITH RESPECT TO

Hope someone can help me to stress on my GREY cells.


-v. k. s.

New Member

Re: Basic ACL Question...


#access-list 1 permit


#access-list 1 permit

both the above should allow all hosts on network

i.e. to

this will happen because of the wild-card mask which is (00000000.00000000.00000000.11111111) and therefore needs only to match the first 24 bits of the address and ignores the last 8 bits (in binary)

to get a specific host match, try this

#access-list 1 permit

New Member

Re: Basic ACL Question...

Just for completeness, netmask can be abbreviated with the alias "host" which goes in front of the address. Therefore the list can also be written (and, if you enter what vijayendra said and then do a sho running you will see):

access-list 1 permit host
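The wildcard and "host" matching described in the two replies above, as an added example that is not part of any post in this thread. The addresses in the thread were lost, so the entries below use constructed documentation addresses (192.0.2.0/24), and the parser covers only the `permit|deny <address> <wildcard>`, `host <address>` and `any` source forms.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse one standard ACL entry into (action, base_address, wildcard)."""
    tok = line.lstrip("# ").split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, src = tok[2], tok[3:]
    if src == ["any"]:
        addr, wild = 0, MASK32
    elif len(src) == 2 and src[0] == "host":
        addr, wild = to_int(src[1]), 0      # "host A" is A with wildcard 0.0.0.0
    elif len(src) == 2:
        addr, wild = to_int(src[0]), to_int(src[1])
    else:
        raise ValueError(f"unsupported source in: {line!r}")
    # A 1 bit in the wildcard means "ignore this bit", so those address bits
    # are cleared and only the compared bits are kept.
    return action, addr & ~wild & MASK32, wild

def evaluate(acl_lines, source_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = to_int(source_ip)
    for line in acl_lines:
        action, base, wild = parse_entry(line)
        if (src & ~wild & MASK32) == base:
            return action
    return "deny"

def permitted_count(acl_lines, cidr):
    """Audit helper: how many addresses in cidr the ACL permits."""
    return sum(evaluate(acl_lines, str(ip)) == "permit"
               for ip in ipaddress.ip_network(cidr))

# Constructed sample entries (not the addresses from the thread).
NETWORK_FORM = "#access-list 1 permit 192.0.2.0 0.0.0.255"
HOST_BITS_FORM = "#access-list 1 permit 192.0.2.10 0.0.0.255"
ZERO_MASK_FORM = "#access-list 1 permit 192.0.2.10 0.0.0.0"
HOST_FORM = "access-list 1 permit host 192.0.2.10"

if __name__ == "__main__":
    for entry in (NETWORK_FORM, HOST_BITS_FORM, ZERO_MASK_FORM, HOST_FORM):
        print(entry, "->", permitted_count([entry], "192.0.2.0/24"), "addresses")
```

An entry written with a host address but a 0.0.0.255 wildcard permits the whole /24, which is worth checking for when an ACL is meant to select a single host.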



Re: Basic ACL Question...

The two ACLs that you have posted have the same meaning in its own sense.

NAT that uses ACLs is dynamic and the one without ACLs is static.

If you want to create static translations (or permanent translations per host),

just use "ip nat inside source static local-ip global-ip".

Creating ACLs for static NAT will just waste CPU resources from the router.

So don't be confused about those two examples that you have seen. Cheers.

Hope this helps.