ACL changes command.

m.x
Level 1

Hi there!

 

On one of the routers I worked on today, a Cisco 887VAG, I got a strange outcome from my command in an ACL:

K1(config)#ip access-list extended nat,
K1(config-ext-nacl)#permit ip 192.168.1.0 255.255.255.0 any

 

Which should simply allow the 192.168.1.0/24 to get access to the WWW.

However:

K1(config-ext-nacl)#do sh run 

!
ip access-list extended nat
permit ip 0.0.0.0 255.255.255.0 any
!

was the result. No matter how I tried, it changed to 0.0.0.0.

Is there a logical explanation? I need this ACL entry...

 

So what am I missing? Or is it a bug?

 

 

EDIT: That's Monday for you! I needed a wildcard mask instead of a network mask, derp.

Close and delete please ;)

 

Accepted Solutions

Hello
The extended ACL should have read permit ip 192.168.1.0 0.0.0.255 any, which results in 192.168.1.0 255.255.255.0.
However, what you have submitted tells the router to not bother reading the first 3 octets (inverse ACL logic), so the result is what you see.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
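
An added example, not part of the original thread and not Cisco code: a Python model of the wildcard-mask logic discussed above, showing why the entry was stored as 0.0.0.0 and which sources each version of the entry matches. The function names and the sample packet addresses are assumptions constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))

def normalize(address: str, wildcard: str) -> str:
    """Address as shown in the running config: bits set to 1 in the
    wildcard are "don't care" and are zeroed out."""
    return to_dotted(to_int(address) & ~to_int(wildcard) & ALL_ONES)

def matches(packet_ip: str, address: str, wildcard: str) -> bool:
    """A packet matches when every bit that is 0 in the wildcard
    is equal in the packet address and the ACL address."""
    care = ~to_int(wildcard) & ALL_ONES
    return (to_int(packet_ip) & care) == (to_int(address) & care)

def looks_like_netmask(mask: str) -> bool:
    """True for contiguous leading 1s (e.g. 255.255.255.0), which suggests
    a subnet mask was typed where a wildcard mask belongs."""
    m = to_int(mask)
    inverted = ~m & ALL_ONES
    return m not in (0, ALL_ONES) and (inverted & (inverted + 1)) == 0

def wildcard_for(netmask: str) -> str:
    """Wildcard mask is the bitwise inverse of the subnet mask."""
    return to_dotted(~to_int(netmask) & ALL_ONES)

if __name__ == "__main__":
    addr, typed = "192.168.1.0", "255.255.255.0"
    print("stored as:", normalize(addr, typed), typed)
    if looks_like_netmask(typed):
        print("looks like a netmask; wildcard would be", wildcard_for(typed))
    # Constructed sample source addresses, checked against both entries.
    for src in ("192.168.1.77", "10.20.30.0"):
        print(src,
              "mistyped entry:", matches(src, addr, typed),
              "corrected entry:", matches(src, addr, wildcard_for(typed)))
```

With the mistyped mask the entry matches any source whose last octet is 0 and none of the intended 192.168.1.x hosts, so reviewing ACLs for masks that pass `looks_like_netmask` catches this class of error.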
