ACLs -help please

Hello - I have been reading through the chapter on ACLs. I have a couple
of points I need help with, please. Firstly, is the "any any" syntax the
same as 0.0.0.0 255.255.255.255? And when I use "host", that replaces
the wildcard mask, e.g. access-list 1 permit host 192.168.10.1. Would this
be the same as access-list 1 permit 192.168.10.1 0.0.0.1?
Many thanks


Re: ACLs -help please
Hi

From my understanding, you got the first part right. 'any any' is the same
as 0.0.0.0 255.255.255.255

The host syntax substitutes the mask as 0.0.0.0
In your example, permit host 192.168.10.1 is the same as permit 192.168.10.1
0.0.0.0

Hope that I have this right and haven't confused the matter.

D




Re: ACLs -help please
Thanks - did I get the mask right, 0.0.0.1? For host, would it be
0.0.0.178 if the host address was 192.168.10.178? TIA
Danny wrote:


Re: ACLs -help please
No, the mask doesn't contain any part of the address.  It just shows you WHICH
BITS in the address you are interested in matching.  Remember, the decimal
notation is just for convenience of typing them in; addresses and masks are
converted to 32 binary bits for all actual operations.  In a WILDCARD mask, a
ONE bit indicates that that position is WILD, i.e., that it can contain any
value.  A zero bit is not wild, it denotes a position that must match exactly.
A mask of all ones is all wild--anything goes.  Thus, 255.255.255.255 in the
wildcard mask corresponds to the keyword "any".  A mask of all zeros has nothing
wild--the address must match your specification exactly in order to pass the
test.  Thus a mask of 0.0.0.0 corresponds to the keyword "host".  Combinations
of bits between these two extremes let you select which parts of the address
field you want to examine, and which parts you don't care about.

gregg johnstone wrote:


Re: ACLs -help please
OK, so to confirm: to permit or deny 192.168.10.178 I would use
(assuming a subnet mask of 255.255.255.224) 0.0.0.0 or host?
Please excuse my ignorance ;-)
Mike Dorn wrote:


Re: ACLs -help please
You can use either host or 0.0.0.0. Both mean the same.




Re: ACLs -help please
thanks for clearing that up
CCNA Nerd wrote:


Re: ACLs -help please

gregg johnstone wrote:

Many fine comments previously. I thought that it was worth
mentioning that the router actually translates a
wildcard mask of 0.0.0.0 *into* the keyword host
and the mask of 255.255.255.255 into the keyword any
so you *never* see these masks explicitly in config files.

IOS 12.4(8) on 837 but I have seen this over a long time

temp#sh access-l 101

temp#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
temp(config)#access-l 101 permit ip 1.2.3.4 255.255.255.255 5.6.7.8 0.0.0.0
temp(config)#^Z
temp#sh access-l 101
Extended IP access list 101
    10 permit ip any host 5.6.7.8
temp#
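
An added example, not part of any post in this thread: the bit test described above (a 1 bit in the wildcard is wild, a 0 bit must match), applied to the masks asked about in the thread, together with the host/any shorthand for the two extreme masks. The function names are hypothetical; the addresses and masks are the ones quoted in the posts.

```python
import ipaddress

def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(candidate, address, wildcard):
    """True if candidate passes the ACL test for address + wildcard mask.

    A 1 bit in the wildcard is "wild" (ignored); a 0 bit must match exactly.
    """
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(candidate) & care) == (to_int(address) & care)

def matched_count(wildcard):
    """Number of addresses one entry matches: 2 ** (number of wild bits)."""
    return 2 ** bin(to_int(wildcard)).count("1")

def keyword_form(address, wildcard):
    """Hypothetical helper: the host/any shorthand for the two extreme masks."""
    w = to_int(wildcard)
    if w == 0xFFFFFFFF:
        return "any"
    if w == 0:
        return f"host {address}"
    return f"{address} {wildcard}"

if __name__ == "__main__":
    # Masks asked about in the thread, applied to the thread's addresses.
    for addr, wc in [("192.168.10.1", "0.0.0.0"),
                     ("192.168.10.1", "0.0.0.1"),
                     ("192.168.10.178", "0.0.0.178"),
                     ("1.2.3.4", "255.255.255.255")]:
        print(f"{keyword_form(addr, wc):32} matches {matched_count(wc)} address(es)")
    # 0.0.0.1 leaves the last bit wild, so the neighbouring .0 also passes.
    print(wildcard_match("192.168.10.0", "192.168.10.1", "0.0.0.1"))
```

Only the all-zeros mask pins an entry to a single address: 0.0.0.1 lets two addresses through and 0.0.0.178 lets sixteen through, which is the practical risk of putting address bits into the wildcard.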

