06-20-2012 03:11 AM - edited 03-04-2019 04:44 PM
I have seen config like:
access-list 1 permit 0.21.0.0 255.0.255.255
Can you please let me know if such config is correct and if yes, explain more
Thanks!
06-20-2012 03:24 AM
Hello,
This ACL is somewhat bizarre but it is not incorrect per se. It matches all packets whose source IP address has the form
x.21.x.x
where "x" is an arbitrary number (it is totally irrelevant what the value of "x" is).
I do not know what was the intention of the creator of this ACL. Therefore, it is difficult to answer the question if the ACL is correct. Syntactically - sure it is. Semantically - I do not know, that depends on what shall be accomplished with it.
Best regards,
Peter
06-20-2012 04:16 AM
hi webstd.design,
imho,
by reading the way it wrote wildcard mask (255.0.255.255)
that command is wrong.
if we are referring to the standard access list, for example this one for a very old Cisco IOS version (http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/stdlog.html),
the way we write the wildcard mask is by putting 1 in the host bit portion
regards,
06-20-2012 04:21 AM
Looks like it's a question from BGP exam, so should be correct
06-20-2012 04:56 AM
interesting!
would you mind sharing the complete question with the config that you wrote before?
regards,
06-20-2012 05:01 AM
After googling about this, I found (http://certcollection.org/forum/topic/51465-bgp-642-661-route-map-prepend-question/)
It's correct per syntax, but we may not see it in the real world
interesting discussion!
thanks,
06-20-2012 05:40 AM
Can you provide something like this as an example? These could be interesting questions for an interview
06-20-2012 05:53 AM
Hi!
access-list 1 permit 0.21.0.0 255.0.255.255
Such access lists are used for matching the networks. Here in the example any network with second octet of 21 will be matched.
More examples...
access-list 10 permit 192.168.0.1 0.0.0.0 [matches a host route of 192.168.0.1]
access-list 10 permit 0.16.16.0 255.0.0.255 [matches any network which has 2nd and 3rd octet of 16]
access-list 10 permit 10.0.0.0 0.0.255.192 [matches networks 10.0.0.0 to 10.0.255.192]
I would suggest converting the wildcard to binary and matching the corresponding bits with must match or match any, i.e. 0 is must match and 1 is any (in case of wildcards)
let me know if this helps,
Nandan Mathure
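The bit-by-bit rule from the post above (wildcard bit 0 = must match, 1 = any), as an added example that is not part of the original thread. It evaluates the ACL lines quoted in the thread against constructed test addresses and lists which values an octet can take under a wildcard octet such as 192; the function names are hypothetical and only the five-token `access-list N permit|deny ADDR WILDCARD` form is handled.

```python
import ipaddress

# ACL lines as quoted in the thread; the candidate addresses used with them are constructed.
THREAD_ACES = [
    "access-list 1 permit 0.21.0.0 255.0.255.255",
    "access-list 10 permit 192.168.0.1 0.0.0.0",
    "access-list 10 permit 0.16.16.0 255.0.0.255",
    "access-list 10 permit 10.0.0.0 0.0.255.192",
]

def parse_ace(line):
    """Parse 'access-list N permit|deny ADDR WILDCARD' into (action, addr, wildcard)."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    addr = int(ipaddress.IPv4Address(parts[3]))
    wildcard = int(ipaddress.IPv4Address(parts[4]))
    return parts[2], addr, wildcard

def ace_matches(addr, wildcard, candidate):
    """Compare only the bits where the wildcard is 0; bits set to 1 are ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(candidate)) & care) == (addr & care)

def first_match(acl_lines, candidate):
    """Return the action of the first matching ACE; no match means implicit deny."""
    for line in acl_lines:
        action, addr, wildcard = parse_ace(line)
        if ace_matches(addr, wildcard, candidate):
            return action
    return "deny"

def octet_values(wildcard_octet, addr_octet=0):
    """Every value a single octet may take under the given wildcard octet."""
    care = ~wildcard_octet & 0xFF
    return [v for v in range(256) if (v & care) == (addr_octet & care)]

if __name__ == "__main__":
    for ace in THREAD_ACES:
        for ip in ("10.21.3.4", "172.16.16.9", "10.0.7.64", "10.0.7.65", "192.168.0.1"):
            print(f"{ace:48} {ip:12} -> {first_match([ace], ip)}")
    # Wildcard octet 192 frees only the top two bits of the octet.
    print("last octet allowed by wildcard 192:", octet_values(192))
```

Because a non-contiguous wildcard frees individual bits rather than a run of addresses, it is worth enumerating what an entry actually permits before deploying it in a filter.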
06-21-2012 12:06 AM
Well, I think that's gonna be one difficult question