Cisco Support Community
Community Member

access-list with first zero octet. Is it correct?

I have seen config like:

access-list 1 permit 0.21.0.0 255.0.255.255

Can you please let me know if such config is correct and, if yes, explain more?

Thanks!

8 REPLIES
Cisco Employee

access-list with first zero octet. Is it correct?

Hello,

This ACL is somewhat bizarre but it is not incorrect per se. It matches all packets whose source IP address has the form

x.21.x.x

where "x" is an arbitrary number (it is totally irrelevant what the value of "x" is).

I do not know what was the intention of the creator of this ACL. Therefore, it is difficult to answer the question if the ACL is correct. Syntactically - sure it is. Semantically - I do not know, that depends on what shall be accomplished with it.

Best regards,

Peter

Community Member

Re: access-list with first zero octet. Is it correct?

hi webstd.design,

imho,

by reading the way it wrote wildcard mask (255.0.255.255)

that command is wrong.

if we are referring to the standard access list, for example this is a very old Cisco IOS version, (http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/stdlog.html)

the part where we write the wildcard mask is by putting 1 in the host bit portion

source-wildcard

(Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard:

Use a 32-bit quantity in four-part, dotted-decimal format. Place ones in the bit positions you want to ignore.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

regards,

Community Member

access-list with first zero octet. Is it correct?

Looks like it's a question from BGP exam, so should be correct

Community Member

access-list with first zero octet. Is it correct?

interesting!

would you mind sharing the complete question with the config that you wrote before?

regards,

Community Member

access-list with first zero octet. Is it correct?

after googling about this, I found (http://certcollection.org/forum/topic/51465-bgp-642-661-route-map-prepend-question/)

it's correct per syntax, but we may not see it in the real world

interesting discussion!

thanks,

Community Member

access-list with first zero octet. Is it correct?

Can you provide something like this as an example? It could be an interesting question for interviews

access-list with first zero octet. Is it correct?

Hi!

access-list 1 permit 0.21.0.0 255.0.255.255

Such access lists are used for matching the networks. Here in the example any network with second octet of 21 will be matched.

More examples...

access-list 10 permit 192.168.0.1 0.0.0.0  [matches a host route of 192.168.0.1]

access-list 10 permit 0.16.16.0 255.0.0.255 [ matches any network which has 2nd and 3rd octet of 16]

access-list 10 permit 10.0.0.0 0.0.255.192 [ matched networks 10.0.0.0 to 10.0.255.192]

I would suggest converting the wildcard to binary and matching the corresponding bits as must match or match any, i.e. 0 is must match and 1 is any (in the case of wildcards).

let me know if this helps,

Nandan Mathure
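
The bit-by-bit check suggested above, written out as an added example (not part of the original thread or any Cisco tooling). It evaluates the entries quoted in the thread against constructed sample addresses; the function names are hypothetical, and the first-match-then-implicit-deny evaluation mirrors how a standard ACL is processed.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(address, base, wildcard):
    """True if address matches base under a Cisco-style wildcard mask.

    Wildcard bit 0 = must equal the base bit, 1 = ignored. The mask may be
    non-contiguous, so only the "care" bits are compared.
    """
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(base) & care)

def match_count(wildcard):
    """How many distinct addresses one entry covers: 2 ** (ignored bits)."""
    return 1 << bin(to_int(wildcard)).count("1")

def first_match(address, entries):
    """First entry that matches, else the implicit deny that ends every ACL."""
    for action, base, wildcard in entries:
        if acl_matches(address, base, wildcard):
            return action, base, wildcard
    return "deny", "implicit", "implicit"

# Entries quoted in the thread.
ACL_1 = [("permit", "0.21.0.0", "255.0.255.255")]
ACL_10 = [
    ("permit", "192.168.0.1", "0.0.0.0"),
    ("permit", "0.16.16.0", "255.0.0.255"),
    ("permit", "10.0.0.0", "0.0.255.192"),
]

# Constructed sample addresses, chosen only to exercise each entry.
SAMPLES = ["10.21.3.4", "172.22.0.1", "172.16.16.9", "10.0.5.64", "10.0.5.1"]

if __name__ == "__main__":
    for acl_name, acl in (("ACL 1", ACL_1), ("ACL 10", ACL_10)):
        for addr in SAMPLES:
            print(acl_name, addr, first_match(addr, acl))
    for _, base, wildcard in ACL_1 + ACL_10:
        print(base, wildcard, "covers", match_count(wildcard), "addresses")
```

Running `match_count` over each entry during an ACL review shows how many addresses a non-contiguous wildcard actually covers, which is easy to misjudge by eye.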

Community Member

access-list with first zero octet. Is it correct?

Well, I think that's gonna be one difficult question
