Cisco Support Community
New Member

Wild Card Masks ....

Consider the following ACL statement,

access-list 101 permit ip 202.160.13.10 0.12.80.0 any

Unlike many other ACLs, this doesn't follow the subnet sequence (e.g. access-list 40 deny 192.168.20.16 0.0.0.15).

So what do you think the above-mentioned ACL statement means? I mean, which source addresses would be allowed in the above-mentioned ACL?

Thanks

1 ACCEPTED SOLUTION

Re: Wild Card Masks ....

I did it in my head, so my explanation will be a bit intuitive and unrigorous. OK, looking at the mask and breaking it down to bits:

12 = 0000 1100 = 8+4

80 = 0101 0000 = 64+16

So, y is 160 plus any combination of 4 and 8, i.e. 160, (160+4), (160+8), (160+8+4)

Similarly, x is 13, plus any combination of 16 and 64, i.e. 13, (13+16), (13+64), (13+64+16)

But first I checked that 160 did not have the 4 bit or the 8 bit set, otherwise the statement would have got modified as you type it in.

Similarly, I checked that 13 did not have the 16 bit or the 64 bit set.

Kevin Dorrell

Luxembourg

6 REPLIES

Re: Wild Card Masks ....

Either this is a mistake, or it was designed by someone who is very clever at access lists. ;-)

It allows 202.x.y.10, where:

x = 160, 164, 168, 172

y = 13, 29, 77, 93

I hope I got that right, but I'm sure someone will check my working.

Kevin Dorrell

Luxembourg

New Member

Re: Wild Card Masks ....

Well, it wasn't a mistake for sure ...

thanks for your reply Kevin, but could you please explain your working?

regards

New Member

Re: Wild Card Masks ....

I agree with Kevin's working. The wildcard works in binary: when it is written in binary, where there is a 1, then a 1 or a 0 is allowed in the equivalent bit position in the IP address. Where there is a zero, it has to be an exact match. Thus if you turn 12 and 80 into binary bit patterns and match them against the corresponding binary address positions, the allowable positions are those given by Kevin.
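The bit-matching rule described in this thread, as a runnable check (an added example, not posted by any participant): it expands an address/wildcard pair into every address it matches, flags masks that are not subnet-style, and clears address bits under a wildcard 1, as Kevin says happens when the statement is typed in. All function names are hypothetical.

```python
import ipaddress
from itertools import product

MASK32 = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def normalize(addr, wildcard):
    """Return (base, wild) as ints; address bits under a wildcard 1 are cleared."""
    wild = _to_int(wildcard)
    return _to_int(addr) & ~wild & MASK32, wild

def matches(candidate, addr, wildcard):
    """True if candidate equals addr in every bit where the wildcard has a 0."""
    base, wild = normalize(addr, wildcard)
    return (_to_int(candidate) & ~wild & MASK32) == base

def is_contiguous(wildcard):
    """True for subnet-style masks such as 0.0.0.15 (all 1 bits at the low end)."""
    wild = _to_int(wildcard)
    return (wild & (wild + 1)) == 0

def expand(addr, wildcard, limit=65536):
    """List every address the pair matches, in ascending order."""
    base, wild = normalize(addr, wildcard)
    free = [1 << i for i in range(32) if (wild >> i) & 1]  # "don't care" bits
    if 2 ** len(free) > limit:
        raise ValueError("wildcard matches more than %d addresses" % limit)
    # Each free bit is either off (0) or on (its bit value); bits are distinct,
    # so summing a combination is the same as OR-ing it into the base.
    hits = [base | sum(combo) for combo in product(*[(0, b) for b in free])]
    return [str(ipaddress.IPv4Address(v)) for v in sorted(hits)]

def octet_values(addr, wildcard):
    """Per-octet sorted lists of the values that appear in the expansion."""
    columns = zip(*(a.split(".") for a in expand(addr, wildcard)))
    return [sorted({int(v) for v in col}) for col in columns]

if __name__ == "__main__":
    acl = ("202.160.13.10", "0.12.80.0")  # the pair from the question
    print("contiguous:", is_contiguous(acl[1]))
    print("octets:", octet_values(*acl))
    for ip in expand(*acl):
        print(ip)
```

Running `is_contiguous` over every wildcard in a configuration is a quick way to find entries like this one during an ACL review, since a non-contiguous mask permits a scattered set of addresses that is easy to misread as a single subnet.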

New Member

Re: Wild Card Masks ....

Thanks a lot

:)

New Member

Re: Wild Card Masks ....

Thanks a lot for your reply, Kevin. I have a better understanding of ACLs now, so am I correct in assuming from the earlier problem

Ex : 202.20.20.13 0.12.80.0

That obviously 202, and 13 remain, however

20 is at .12

Meaning that

12 = 0000 1100 = 8 8+4

and

20 is at .80

80 = 1100 0000 = 84 64+16

combination of

202.20.20.13

202.28.84.13

202.32.100.13
