08-03-2020 02:41 AM - edited 08-03-2020 02:51 AM
Hi there!
On one of the routers I worked on today, a Cisco 887VAG, I got a strange outcome from my command in an ACL:
K1(config)#ip access-list extended nat,
K1(config-ext-nacl)#permit ip 192.168.1.0 255.255.255.0 any
Which should simply allow the 192.168.1.0/24 to get access to the WWW.
However:
K1(config-ext-nacl)#do sh run
!
ip access-list extended nat
permit ip 0.0.0.0 255.255.255.0 any
!
was the result. No matter how I tried, it changed to 0.0.0.0.
Is there a logical explanation? I need this ACL entry...
So what am I missing? Or is it a bug?
EDIT: That's Monday for you! I needed a wildcard mask instead of a network mask, derp.
Close and delete please ;)
08-03-2020 03:56 AM - edited 08-03-2020 03:57 AM
Hello
The extended ACL should have read permit ip 192.168.1.0 0.0.0.255 any, which results in 192.168.1.0 255.255.255.0.
However, what you have submitted is to tell the rtr to not bother reading the first 3 octets (inverse ACL logic), so the result is what you see.
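The wildcard behaviour discussed in this thread, as an added example that is not part of the original posts: it reproduces the 0.0.0.0 normalization, shows which sources the mistyped entry actually matches, and flags entries whose wildcard looks like a subnet mask. The function names and the simplified source-only parsing are assumptions made for illustration.

```python
import ipaddress
import re

FULL = 0xFFFFFFFF

def _i(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _s(n):
    return str(ipaddress.IPv4Address(n))

def normalize(addr, wildcard):
    """Address as it appears in the config: wildcard 1-bits are 'don't care' and are zeroed."""
    return _s(_i(addr) & ~_i(wildcard) & FULL)

def matches(packet_ip, addr, wildcard):
    """A packet matches when it equals addr on every bit where the wildcard is 0."""
    return ((_i(packet_ip) ^ _i(addr)) & ~_i(wildcard) & FULL) == 0

def looks_like_netmask(wildcard):
    """True for a contiguous run of 1s from the left (a subnet mask typed as a wildcard).
    0.0.0.0 and 255.255.255.255 are valid in both notations, so they are not flagged."""
    w = _i(wildcard)
    if w in (0, FULL):
        return False
    inv = ~w & FULL
    return (inv & (inv + 1)) == 0

# Assumption: only the source address/wildcard pair of an extended entry is checked.
ENTRY = re.compile(r"^\s*(?:permit|deny)\s+\S+\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})")

def lint(lines):
    """Return (entry, address as stored, suggested wildcard) for each suspicious entry."""
    findings = []
    for line in lines:
        m = ENTRY.match(line)
        if m and looks_like_netmask(m.group(2)):
            addr, mask = m.groups()
            findings.append((line.strip(), normalize(addr, mask), _s(~_i(mask) & FULL)))
    return findings

# Constructed sample: the entry from the question and the corrected one from the answer.
SAMPLE = [
    "permit ip 192.168.1.0 255.255.255.0 any",
    "permit ip 192.168.1.0 0.0.0.255 any",
]

if __name__ == "__main__":
    for entry, stored, suggestion in lint(SAMPLE):
        print(f"{entry!r}: stored as {stored}, did you mean wildcard {suggestion}?")
```

With the mistyped entry, any source whose last octet is 0 matches regardless of network, while hosts such as 192.168.1.50 do not, so the ACL is both too broad and too narrow.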