Solved: Re: ACL- Inverse Mask

sadik.bash · ‎11-22-2013

Hello,

I have a server with IP address 172.22.94.224/22 and an ACL statement in one of the ASAs as follows "access-list 145 permit ip 172.22.94.224 0.0.0.31 any"

I got confused by the inverse mask address(0.0.0.31) and I would like some clarification.

Much appreciated.

Best, ~sK

Karsten Iwen · ‎11-22-2013

0.0.0.31 is a mask that has 27 bits set to 0 (match) and five bits set to one (don't match). With that mask in the ACL you allow 32 addresses, in your case from 172.22.94.224 to 172.22.94.255.

Wildcardmasks are very good explained in the Wikipedia-article: http://en.wikipedia.org/wiki/Wildcard_mask

Sent from Cisco Technical Support iPad App

View solution in original post

Karsten Iwen · ‎11-22-2013

if that is really an ACL from an ASA, then it's probably wrong as the ASA doesn't use the inversed wildcardmask. The router-wildcard-mask of 0.0.0.31 would be 255.255.255.224 on the ASA.

Sent from Cisco Technical Support iPad App

sadik.bash · ‎11-22-2013

Sorry, the inv mask is on the 4507 not the ASA. My question is what does this statement "

access-list 145 permit ip 172.22.94.224 0.0.0.31" mean?

Best, ~sK

Karsten Iwen · ‎11-22-2013

0.0.0.31 is a mask that has 27 bits set to 0 (match) and five bits set to one (don't match). With that mask in the ACL you allow 32 addresses, in your case from 172.22.94.224 to 172.22.94.255.

Wildcardmasks are very good explained in the Wikipedia-article: http://en.wikipedia.org/wiki/Wildcard_mask

Sent from Cisco Technical Support iPad App