
Problem with ACLs/ wildcard masks

clare.wood
Level 1

We are attempting to configure an ACL on a 2600 series router.

The network that we wish to permit access from is x.x.x.128 (255.255.255.128).

In the extended ACL we are using the following syntax

access-list 101 permit ip x.x.x.128 0.0.0.128 any

The router accepts this, but when you subsequently do a show access-list 101, it shows the following

access-list 101 permit ip x.x.x.0 0.0.0.128 any

which relates to a totally different subnet (which in this case is the destination network).

This seems to happen unless 0 or 255 is used in the wildcard mask.

Has anyone encountered this / any suggestions? Is this just a display issue on the show command?

1 Reply

Hello,

unless this is a typo, your access-list syntax does not appear to be right:

access-list 101 permit ip x.x.x.128 0.0.0.128 any

needs to read:

access-list 101 permit ip x.x.x.128 0.0.0.127 any

in order to allow network x.x.x.128. An easy rule to calculate the wildcard mask is to subtract the network (128 in this case) from 255, which in this case equals 127.

HTH,

GP
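
The wildcard arithmetic discussed in this thread, as an added example that is not part of either post: it compares which hosts each of the two wildcard masks matches and what address remains once the "don't care" bits are cleared, which is consistent with the show output in the question. 192.0.2.128 is a constructed stand-in for x.x.x.128, and the function names are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_from_netmask(netmask):
    """The wildcard mask is the bitwise inverse of the subnet mask."""
    return to_dotted(to_int(netmask) ^ MASK32)


def stored_address(address, wildcard):
    """Clear every address bit the wildcard marks as 'don't care' (bit = 1)."""
    return to_dotted(to_int(address) & (to_int(wildcard) ^ MASK32))


def ace_matches(address, wildcard, host):
    """A host matches when it equals the address on every wildcard-0 bit."""
    care = to_int(wildcard) ^ MASK32
    return (to_int(host) & care) == (to_int(address) & care)


def matching_last_octets(address, wildcard):
    """Last octets inside the address's /24 that the entry matches."""
    base = to_int(address) & 0xFFFFFF00
    return [i for i in range(256)
            if ace_matches(address, wildcard, to_dotted(base + i))]


if __name__ == "__main__":
    net = "192.0.2.128"  # constructed placeholder for x.x.x.128
    print("wildcard for 255.255.255.128:",
          wildcard_from_netmask("255.255.255.128"))
    for wc in ("0.0.0.128", "0.0.0.127"):
        hits = matching_last_octets(net, wc)
        print(f"{net} {wc}: stored as {stored_address(net, wc)}, "
              f"matches {len(hits)} hosts, .{hits[0]} to .{hits[-1]}")
```

With 0.0.0.128 only bit 7 of the last octet is ignored, so the entry permits exactly two source addresses (.0 and .128) instead of the 128-address subnet.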