
access-list with first zero octet. Is it correct?

webstd.design
Level 1

I have seen config like:

access-list 1 permit 0.21.0.0 255.0.255.255

Can you please let me know if such config is correct and if yes, explain more

Thanks!

8 Replies

Peter Paluch
Cisco Employee

Hello,

This ACL is somewhat bizarre but it is not incorrect per se. It matches all packets whose source IP address has the form

x.21.x.x

where "x" is an arbitrary number (it is totally irrelevant what the value of "x" is).

I do not know what was the intention of the creator of this ACL. Therefore, it is difficult to answer the question if the ACL is correct. Syntactically - sure it is. Semantically - I do not know, that depends on what shall be accomplished with it.

Best regards,

Peter

handoko wiyanto
Level 3

hi webstd.design,

imho,

by reading the way it wrote wildcard mask (255.0.255.255)

that command is wrong.

if we refer to the standard access list, for example in this very old Cisco IOS version (http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/stdlog.html),

the way we write the wildcard mask is by putting 1 in the host bit portion

source-wildcard

(Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard:

Use a 32-bit quantity in four-part, dotted-decimal format. Place ones in the bit positions you want to ignore.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

regards,

Looks like it's a question from BGP exam, so should be correct

interesting!

would you mind sharing the complete question with the config that you wrote before?

regards,

after googling about this, i found (http://certcollection.org/forum/topic/51465-bgp-642-661-route-map-prepend-question/)

it's correct per syntax, but we may not see it in the real world

interesting discussion!

thanks,

Can you provide something like this as an example? It could be interesting questions for interview

Hi!

access-list 1 permit 0.21.0.0 255.0.255.255

such access lists are used for matching the networks. Here in the example any network with second octet of 21 will be matched.

More examples...

access-list 10 permit 192.168.0.1 0.0.0.0  [matches a host route of 192.168.0.1]

access-list 10 permit 0.16.16.0 255.0.0.255 [ matches any network which has 2nd and 3rd octet of 16]

access-list 10 permit 10.0.0.0 0.0.255.192 [ matched networks 10.0.0.0 to 10.0.255.192]

I would suggest converting the wildcard to binary and matching the corresponding bits as "must match" or "match any", i.e. 0 is "must match" and 1 is "any" (in the case of wildcards).

let me know if this helps,

Nandan Mathure
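
Added example, not part of the original thread: a small Python evaluator for the wildcard rule quoted above (ones in the wildcard are ignored, zeros must match), applied to the ACL lines posted in this thread. The function names `parse_entry`, `matches` and `octet_values` and the candidate addresses are constructed for illustration; this is not Cisco code.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N permit|deny ADDR WILDCARD' into (action, addr, wildcard) as ints."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    addr = int(ipaddress.IPv4Address(parts[3]))
    wildcard = int(ipaddress.IPv4Address(parts[4]))
    return parts[2], addr, wildcard

def matches(line, candidate):
    """True if the candidate address matches the entry: only bits where the wildcard is 0 are compared."""
    _, addr, wildcard = parse_entry(line)
    care = ~wildcard & 0xFFFFFFFF          # invert: 1 now means "must match"
    cand = int(ipaddress.IPv4Address(candidate))
    return (cand & care) == (addr & care)

def octet_values(line, index):
    """List every value octet `index` (0..3) can take and still match the entry."""
    _, addr, wildcard = parse_entry(line)
    shift = 8 * (3 - index)
    a = (addr >> shift) & 0xFF
    care = ~(wildcard >> shift) & 0xFF
    return [v for v in range(256) if (v & care) == (a & care)]

if __name__ == "__main__":
    # ACL lines from the thread; candidate addresses are constructed samples.
    acl = "access-list 1 permit 0.21.0.0 255.0.255.255"
    for ip in ("10.21.5.9", "172.21.0.1", "10.22.5.9"):
        print(ip, matches(acl, ip))
    # Binary view of a non-contiguous wildcard in the last octet (192 = 11000000).
    acl3 = "access-list 10 permit 10.0.0.0 0.0.255.192"
    print("last octet values:", octet_values(acl3, 3))
```

Printing `octet_values` for an octet is a quick way to review what a non-contiguous wildcard really admits before it is used in a filter or route-map.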

well, I think that's gonna be one difficult question
