08-13-2015 03:50 PM
Hi all,
I am having trouble understanding what this does...
Access-list 99 permit 0.0.0.0. 0.0.0.255
Interface fastethernet 0/0
ip address 192.168.1.1 255.255.255.0
ip Access-group in
08-14-2015 07:19 AM
Hello
Apprently it's permitting all packets with a source IP 0.0.0.X where first three octets are zeros (e.g. packets from network 0.0.0.0/24)
The range 0.0.0.0/8 is reserved and according to RFC-5735 page 3:
0.0.0.0/8 - Addresses in this block refer to source hosts on "this" network. Address 0.0.0.0/32 may be used as a source address for this host on this network; other addresses within 0.0.0.0/8 may be used to refer to specified hosts on this network ([RFC1122], Section 3.2.1.3).
The IP 0.0.0.0 is for instance used as a source IP in DHCP messages (DISCOVER, REQUEST) before it obtains a usable IP address. The destination in those messages is broadcast 255.255.255.255.
It seems strange that you would only want to permit that in a production network. Is there any specific reason for it?
Best regards,
Martin
08-25-2015 03:13 PM
I don't know what the reason is for. I actually just saw it on a network somewhere and wondered what it did because it didn't make much sense. I was wondering if it was blocking certain packets, allowing certain packets. But since you are saying it is DHCP related, I will just go with that? Could this statement be blocking/permitting any specific OSPF, RIP, EIGRP packets? Or even Telnet or SSH?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide