
Access List Repetitive Entry Question

echo3whiskey
Level 1

I am following up on a switch config that a consultant did for us, and the guy that did the work is no longer with the company. Can anyone tell me what the purpose is of the following entry under an extended access list:

 

permit ip 192.168.79.0 0.0.0.255 192.168.79.0 0.0.0.255

 

Permit an IP to itself? Seems very pointless and weird. Same entry in several extended access lists (different VLANs).

3 Replies

Hello,

 

Hard to say. Can you post the entire configuration?

I agree that we do not have enough information to understand the issue or to give good advice. So the config would be helpful. Also a diagram of the topology would be helpful. Also helpful would be an explanation of what 192.168.79.0 is. Is this an inside network? An outside network?

 

Based on the little that we know I would suggest one way in which this ACL entry could make sense. Think about a situation where some L3 device (might be a router, might be a switch) has subnetted 192.168.79.0 into 4 subnets:

192.168.79.0/26 is inside

192.168.79.64/26 is outside

192.168.79.128/26 is inside

192.168.79.192/26 is outside

The ACL in the original post would allow these subnets to communicate and save the effort of listing individual subnets in the ACL.

 

[edit] It would be really helpful to understand how this ACL is applied.

HTH

Rick
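The wildcard matching behind the suggestion in the reply above, as an added example that is not part of the original thread: it checks the posted entry against every host-to-host flow between the four hypothetical /26 subnets. The helper names and the 192.168.80.10 counter-example address are constructed for illustration.

```python
import ipaddress
from itertools import permutations

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse '<action> ip <src> <src-wildcard> <dst> <dst-wildcard>' (this form only)."""
    action, proto, src, src_wc, dst, dst_wc = line.split()
    if proto != "ip":
        raise ValueError("only 'ip' entries are handled in this sketch")
    return action, (to_int(src), to_int(src_wc)), (to_int(dst), to_int(dst_wc))

def wildcard_match(addr, base, wildcard):
    """A 1 bit in the wildcard is 'don't care'; every other bit must equal base."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def ace_matches(ace, src, dst):
    """True if a packet src -> dst is matched by the entry."""
    _, (s_base, s_wc), (d_base, d_wc) = ace
    return (wildcard_match(to_int(src), s_base, s_wc)
            and wildcard_match(to_int(dst), d_base, d_wc))

def subnet_pair_coverage(ace, subnets):
    """For each ordered pair of subnets, report whether every flow is matched."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return {
        (str(a), str(b)): all(ace_matches(ace, x, y) for x in a for y in b)
        for a, b in permutations(nets, 2)
    }

# The entry from the original post.
ACE = parse_ace("permit ip 192.168.79.0 0.0.0.255 192.168.79.0 0.0.0.255")

# The four /26 subnets from the reply's hypothetical layout.
SUBNETS = ["192.168.79.0/26", "192.168.79.64/26",
           "192.168.79.128/26", "192.168.79.192/26"]

if __name__ == "__main__":
    for pair, covered in subnet_pair_coverage(ACE, SUBNETS).items():
        print(pair, "matched" if covered else "NOT matched")
    # Constructed counter-example: a source outside 192.168.79.0/24.
    print(ace_matches(ACE, "192.168.80.10", "192.168.79.10"))
```

This only shows which packets the entry would match; whether it is ever evaluated depends on the interface and direction the ACL is applied to, which the thread does not show.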

johnlloyd_13
Level 9

Hi,

Does it get an ACL hit, or does it have 'log' enabled on it?

Issue a show access-list to verify.