09-05-2008 05:43 AM - edited 03-03-2019 11:25 PM
Hi friends,
Need a clarification. If an access-list has been created without any wildcard mask, the mask defaults to 0.0.0.0.
So what will happen to the below access-lists?
permit ip 10.1.0.0
permit ip 10.0.1.0
permit ip 192.168.0.0
permit ip 172.16.0.0
I'm seeing some matches on these access-lists. How can these lists be matched when there is nothing specific?
09-05-2008 06:42 AM
Hello,
It may be matching the route entries in the routing table.
How and where are you using this access-list?
09-05-2008 06:46 AM
Rajeev
You start with a very valid observation that the default mask is 0.0.0.0, which indicates an exact match. So your access list is equivalent to:
permit ip 10.1.0.0 0.0.0.0
permit ip 10.0.1.0 0.0.0.0
permit ip 192.168.0.0 0.0.0.0
permit ip 172.16.0.0 0.0.0.0
So the first 2 lines could legitimately be host addresses and the last 2 lines would be network addresses. You have not told us how the access list is used, so we do not know yet whether host matches are legitimate (access list applied with access-group to filter packets on an interface) or whether network matches are legitimate (access list applied in a distribute list to control routing updates). But either pair of lines could legitimately match against some things.
HTH
Rick
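To make Rick's point concrete, here is an added example (not from the thread or from Cisco IOS) that models the wildcard-mask comparison in Python. It assumes the standard-ACL entries from the thread, treats an omitted wildcard as 0.0.0.0 (exact match), and evaluates the same ACL in both contexts Rick describes: against packet source addresses (access-group style) and against the network address of a route prefix (distribute-list or route-map style). The function and variable names are my own.

```python
import ipaddress

# IOS assumes this wildcard when none is typed: every bit must match exactly.
DEFAULT_WILDCARD = "0.0.0.0"

# Constructed sample: the three entries the original poster uses on the PE router.
ACL_TEXT = """permit 10.1.0.0
permit 10.0.2.0
permit 10.0.0.0"""


def parse_standard_acl(text):
    """Parse 'permit|deny [ip] A.B.C.D [wildcard]' lines into (action, addr, wildcard)."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, rest = tokens[0], tokens[1:]
        if rest and rest[0] == "ip":        # tolerate the 'ip' keyword the poster wrote
            rest = rest[1:]
        addr = rest[0]
        wildcard = rest[1] if len(rest) > 1 else DEFAULT_WILDCARD
        entries.append((action, addr, wildcard))
    return entries


def wildcard_match(entry_addr, wildcard, candidate):
    """Cisco wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is 'don't care'."""
    e = int(ipaddress.IPv4Address(entry_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    c = int(ipaddress.IPv4Address(candidate))
    care = (~w) & 0xFFFFFFFF                 # bits that must be identical
    return (e & care) == (c & care)


def acl_lookup(acl, candidate):
    """First matching entry wins; no match means the implicit deny at the end."""
    for action, addr, wildcard in acl:
        if wildcard_match(addr, wildcard, candidate):
            return action
    return "deny"


def route_filter(acl, prefixes):
    """Distribute-list / route-map use: the ACL is compared with the route's network address."""
    result = {}
    for prefix in prefixes:
        network_addr = str(ipaddress.ip_network(prefix, strict=False).network_address)
        result[prefix] = acl_lookup(acl, network_addr) == "permit"
    return result


def packet_filter(acl, sources):
    """access-group use: the ACL is compared with the packet's source address."""
    return {src: acl_lookup(acl, src) == "permit" for src in sources}


if __name__ == "__main__":
    acl = parse_standard_acl(ACL_TEXT)
    # Customer LANs from the thread, written as /24 routes (constructed input).
    print(route_filter(acl, ["10.1.0.1/24", "10.0.2.0/24", "10.0.0.1/24", "10.0.5.0/24", "10.0.0.0/8"]))
    # The same ACL applied to packets: only a source of exactly 10.1.0.0 would pass.
    print(packet_filter(acl, ["10.1.0.1", "10.1.0.0"]))
```

Running it shows why the poster sees hits: the /24 routes whose network address equals an ACL entry (10.1.0.0, 10.0.2.0, 10.0.0.0) are permitted, while 10.0.5.0/24 is not. It also shows why the classful question is a fair one: a route 10.0.0.0/8 has the same network address as 10.0.0.0/24, so an exact-match standard ACL cannot tell them apart by itself, and only the redistribution test the thread goes on to suggest settles which prefix is actually being redistributed.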
09-08-2008 11:51 PM
Hi Rick, thanks for the reply.
I'm using these access-lists in my redistribution (static to OSPF).
Most of my source addresses are /24.
For example:
cust A LAN ip 10.1.0.1
cust B LAN ip 10.0.2.0
CUST C LAN ip 10.0.0.1
In my PE router I'm matching this as
permit 10.1.0.0
permit 10.0.2.0
permit 10.0.0.0
Will this match my traffic and redistribute it into OSPF? (It's doing so!!!)
So what else is allowed? I'm really wondering if it's matching the class-based networks. Please clarify.
09-09-2008 01:40 AM
Hi,
"I'm really wondering if it's matching the class-based networks. Please clarify."
You can try redistribution of classful network to see whether it actually is taking place.
redistribute static route-map
vs
redistribute static route-map
According to my understanding these hits correspond to the classless (/24) networks that are redistributed into OSPF.
HTH
09-09-2008 07:00 AM
You could emulate this scenario and do clear ospf process (or traffic) to see the hits on the ACLs when those networks are redistributed.
For instance,
Standard IP access list 10
10 permit 10.0.0.0 log (1 match)
20 permit 10.1.0.0 log (1 match)
--
%SEC-6-IPACCESSLOGNP: list 10 permitted 0 10.0.0.0 -> 0.0.0.0, 1 packet
%SEC-6-IPACCESSLOGNP: list 10 permitted 0 10.1.0.0 -> 0.0.0.0, 1 packet
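The hits above come from the log keyword on each ACL entry, so the same syslog stream can be used to confirm exactly which network address was evaluated against which entry. As an added example (not part of this thread or of any Cisco tooling), the following Python parses %SEC-6-IPACCESSLOG* lines and totals the reported packets per list, action and address. The two permitted lines are the ones shown above; the denied line, the unrelated line and the function names are my own constructions.

```python
import re
from collections import Counter

# Matches the IOS ACL logging message shape seen above: list, action, protocol,
# source -> destination, packet count. The message suffix (NP, DP, P, ...) is left open.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+), "
    r"(?P<count>\d+) packets?"
)

# Constructed sample: the two lines from the thread plus a denied entry and a non-ACL line.
SAMPLE_LOG = [
    "%SEC-6-IPACCESSLOGNP: list 10 permitted 0 10.0.0.0 -> 0.0.0.0, 1 packet",
    "%SEC-6-IPACCESSLOGNP: list 10 permitted 0 10.1.0.0 -> 0.0.0.0, 1 packet",
    "%SEC-6-IPACCESSLOGNP: list 10 denied 0 10.0.9.0 -> 0.0.0.0, 3 packets",
    "%SYS-5-CONFIG_I: Configured from console by console",
]


def parse_acl_log(lines):
    """Return one dict per ACL log line; lines that are not ACL logs are skipped."""
    records = []
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue
        rec = m.groupdict()
        rec["count"] = int(rec["count"])
        records.append(rec)
    return records


def hits_per_entry(records):
    """Total packets per (list, action, address), which is what 'show access-lists' summarises."""
    totals = Counter()
    for rec in records:
        totals[(rec["acl"], rec["action"], rec["src"])] += rec["count"]
    return totals


if __name__ == "__main__":
    for key, count in sorted(hits_per_entry(parse_acl_log(SAMPLE_LOG)).items()):
        print(key, count)
```

In the redistribution case the address in the source position is the network address that was tested against the ACL, with 0.0.0.0 as the destination, which is why the page's output shows 10.0.0.0 and 10.1.0.0 rather than any host address. Seeing 10.0.0.0 alone does not say whether a /24 or a classful /8 was evaluated; that is decided by the route actually present in the table.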