Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
773
Views
0
Helpful
1
Replies

Problem with ACLs/ wildcard masks

clare.wood
Level 1
Level 1

‎11-19-2004 01:23 AM - edited ‎03-02-2019 08:03 PM

We are attempting to configure an ACL on a 2600 series router.

The network that we wish to permit access from is x.x.x.128 (255.255.255.128).

In the extended ACL we are using the following syntax

access-list 101 permit ip x.x.x.128 0.0.0.128 any

The router accepts this, but when you subsequently do a show access-list 101, it shows the following

access-list 101 permit ip x.x.x.0 0.0.0.128 any

which relates to a totally different subnet (which in this case is the destination network).

This seems to happen unless 0 or 255 is used in the wildcard mask.

Has anyone encountered this/ any suggestions? is this just a display issue on the show command?

Labels:
0 Helpful
1 Reply 1

Georg Pauwen
VIP
VIP

‎11-19-2004 01:44 AM

Hello,

unless this is a type, your access-list syntax does not appear to be right:

access-list 101 permit ip x.x.x.128 0.0.0.128 any

needs to read:

access-list 101 permit ip x.x.x.128 0.0.0.127 any

in order to allow network x.x.x.128. An easy rule to calculate the wildcard mask is to subtract the network (128 in this case) from 255, which in this case equals 127.

HTH,

GP

0 Helpful
Customers Also Viewed These Support Documents