Everything matching is

hilferns · ‎01-19-2015

Hi

What is the relevance of this command in the following context?

access-list 1 permit 0.0.0.0

!

interface g0/1

ip address 10.1.1.1 255.255.255.0

ip access-group 1 in

Thanks

InayathUlla Sharieff · ‎01-19-2015

Everything matching is allowed.

if you use access-list 1 permit 0.0.0.0

(if no mask defined then it will apply Implicit Masks as 0.0.0.0 mask applied which means exact match only)

which means that this is acting like a matching of default route only.

hilferns · ‎01-20-2015

Thanks. So what does it really mean in terms of this access-list when you say matching a default route. This access list has been applied to an interface in the router. Does it mean that it will permit traffic from any source address?

Hilary

Eric Kang · ‎03-09-2015

Hilary,

When defining a standard access list and do not include a wildcard mask, you are specifying a particular host address. For example:

access-list 1 permit 192.168.10.10

will only permit traffic sourced from the 192.168.10.10 IP address.

Following the example above, unless you have a host with an IP of 0.0.0.0, the access list you're providing is essentially equivalent to:

access-list 1 deny any

If you would like an in-depth look on ACLs, please check out this Cisco doc on access lists:

http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#standacl

and read the section titled Standard ACLs.

Regards,

Eric Kang