Re: Access List

admin_2 · ‎06-25-2002

Regarding the following Acess list:

<p>access-list 101 160.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0

<p>I don't understand the last portion of the Access list

<p>(the destination part 255.0.0.0 0.0.0.0) for which destination this part refers? and is it 255.0.0.0

0.0.0.0 or 255.0.0.0 0.255.255.255)

Report Inappropriate Content · ‎06-25-2002

In your case, you want to filter a supernet.

So the command is:

access-list number [permit|deny] ip prefix prefix-wild-card-bits mask mask-wild-card-bits

access 101 permit ip 160.0.0.0 0.255.255.255

will permit

160.0.0.0/8

160.0.0.0/9

160.0.0.0/10

...

Now you want to only permit 160.0.0.0/8

So you must apply a mask on the network so that

only 160.0.0.0/8 is permitted.

The mask will be:

255.0.0.0 0.0.0.0

255 means that we will use 160 and it must match --> wildcard is 0

means that the second byte must be a zero so it must match ---> wildcard is 0

same for the 2 remaining bytes.

The only mistake in the ACL is that it's missing the IP keyword.