Specific Access List Entry Meaning?

aaronshum · ‎08-13-2015

Hi all,

I am having trouble understanding what this does...

Access-list 99 permit 0.0.0.0. 0.0.0.255

Interface fastethernet 0/0
ip address 192.168.1.1 255.255.255.0
ip Access-group in

Martin Hruby · ‎08-14-2015

Hello

Apprently it's permitting all packets with a source IP 0.0.0.X where first three octets are zeros (e.g. packets from network 0.0.0.0/24)

The range 0.0.0.0/8 is reserved and according to RFC-5735 page 3:

0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
network.  Address 0.0.0.0/32 may be used as a source address for this
host on this network; other addresses within 0.0.0.0/8 may be used to
refer to specified hosts on this network ([RFC1122], Section 3.2.1.3).

The IP 0.0.0.0 is for instance used as a source IP in DHCP messages (DISCOVER, REQUEST) before it obtains a usable IP address. The destination in those messages is broadcast 255.255.255.255.

It seems strange that you would only want to permit that in a production network. Is there any specific reason for it?

Best regards,
Martin

aaronshum · ‎08-25-2015

I don't know what the reason is for. I actually just saw it on a network somewhere and wondered what it did because it didn't make much sense. I was wondering if it was blocking certain packets, allowing certain packets. But since you are saying it is DHCP related, I will just go with that? Could this statement be blocking/permitting any specific OSPF, RIP, EIGRP packets? Or even Telnet or SSH?