Access-list match

bapatsubodh
Level 1

Hi

If the access list configured to match the packets used for NAT is as follows:

ip access-list ext abcd

permit ip 10.1.1.0 0.0.0.32 any

Which packets will be matched?

If the wildcard mask is 0.0.0.31, things are normal.

Please share your experience.

thanks

Subodh

1 Reply

Richard Burts
Hall of Fame

Subodh

As you should be aware, in the wildcard mask a binary 0 is a bit that must match and a binary 1 is a bit that may vary.

So in your mask of 0.0.0.32 the first 3 octets must match exactly (it must be 10.1.1). The mask of the fourth octet has a single binary 1. It may help to write out the fourth octet in binary (00100000). So for this mask there are exactly 2 values of the address that will match the mask. These values are 10.1.1.0 and 10.1.1.32.

As your comment indicates, this mask is quite unusual in an access list. It is much more common to have the mask be the inverse of common subnet masks (such as the mask .31 which is the inverse of mask 224).

HTH

Rick
