
ACL- Inverse Mask

sadik.bash
Level 1

Hello,

I have a server with IP address 172.22.94.224/22 and an ACL statement in one of the ASAs as follows: "access-list 145 permit ip 172.22.94.224 0.0.0.31 any".

I got confused by the inverse mask address (0.0.0.31) and I would like some clarification.

Much appreciated.

Best, ~sK

Accepted Solutions

0.0.0.31 is a mask that has 27 bits set to 0 (match) and five bits set to one (don't match). With that mask in the ACL you allow 32 addresses, in your case from 172.22.94.224 to 172.22.94.255.

Wildcard masks are explained very well in the Wikipedia article: http://en.wikipedia.org/wiki/Wildcard_mask


Sent from Cisco Technical Support iPad App
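The wildcard arithmetic from this answer, as an added Python example that is not part of the original posts. The function names are hypothetical, and it goes one step beyond the thread by also handling non-contiguous wildcards, which have no netmask equivalent.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32-bit all-ones, used to keep inverted values in range


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _to_str(value):
    return str(ipaddress.IPv4Address(value))


def acl_matches(base, wildcard, candidate):
    """Wildcard match: bits that are 0 in the wildcard must equal the base
    address; bits that are 1 are ignored."""
    care = ~_to_int(wildcard) & FULL
    return (_to_int(base) & care) == (_to_int(candidate) & care)


def matched_range(base, wildcard):
    """Return (lowest, highest, count) of the addresses the entry matches.
    For a non-contiguous wildcard the matches are not one solid block,
    but lowest, highest and count are still correct."""
    b, w = _to_int(base), _to_int(wildcard)
    return _to_str(b & ~w & FULL), _to_str(b | w), 2 ** bin(w).count("1")


def wildcard_to_netmask(wildcard):
    """Return the netmask form of a wildcard (the form used on the ASA),
    or None when the wildcard bits are not one contiguous low-order run."""
    w = _to_int(wildcard)
    if w & (w + 1):  # a contiguous wildcard is always 2**n - 1
        return None
    return _to_str(~w & FULL)


if __name__ == "__main__":
    # Values taken from the ACL line in the question.
    print(matched_range("172.22.94.224", "0.0.0.31"))
    print(wildcard_to_netmask("0.0.0.31"))
    # Constructed non-contiguous wildcard: no netmask equivalent exists.
    print(wildcard_to_netmask("0.0.0.254"))
```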


3 Replies

If that is really an ACL from an ASA, then it's probably wrong, as the ASA doesn't use the inverse wildcard mask. The router wildcard mask of 0.0.0.31 would be 255.255.255.224 on the ASA.


Sent from Cisco Technical Support iPad App

Sorry, the inv mask is on the 4507, not the ASA. My question is: what does this statement "access-list 145 permit ip 172.22.94.224 0.0.0.31" mean?

Best, ~sK

