05-21-2005 09:27 AM - edited 03-03-2019 09:38 AM
Hi, I have a problem with the following application:
Router A can receive many routes through the RIP protocol:
196.1.1.0/24, 196.1.2.0/24, 196.1.3.0/24, 196.1.4.0/24, 196.1.5.0/24, 196.1.6.0/24, 196.1.7.0/24, 196.1.8.0/24, 196.1.9.0/24, 196.1.10.0/24. I just wish router A could be configured with a filter that allows only networks 196.1.2.0/24, 196.1.8.0/24 and 196.1.10.0/24. I wish the filter could be configured with a minimal number of lines.
I have seen the following configuration:
router rip
distribute-list 1 in serial 0
!
access-list 1 permit 196.1.0.0 0.0.10.255
!
I cannot understand the line: 0.0.10.255. What does that line mean? Who can give me an explanation or a Cisco web link for that? Thanks a lot!
Sincerely
05-21-2005 09:49 AM
The line:
0.0.10.255
... is a wildcard mask, which is used together with ACLs (and OSPF too).
So the statement:
access-list 1 permit 196.1.0.0 0.0.10.255
... means basically that the IP Range:
196.1.0.0 - 196.1.10.255 is allowed to pass this ACL.
Hope it was helpful?!
cheers
Andy
05-21-2005 10:07 AM
Hi, thanks for your response. But the filter only allows 196.1.2.0/24, 196.1.8.0/24 and 196.1.10.0/24 to be received by router A. How to do it?
The line 0.0.10.255 isn't a normal wildcard mask.
Sincerely
05-21-2005 10:11 AM
I guess I don't actually understand your question *g*
Are you asking how to block 196.1.2.0/24, 196.1.8.0/24 and 196.1.10.0/24?
Additionally... Why do you think that 0.0.10.255 is not a normal wildcard mask?
cheers
Andy
05-21-2005 10:18 AM
:) A normal wildcard mask is always configured as .3, .15, .7, .31, 63, 127, 255.
Honestly, I have never seen this type of wildcard mask (0.0.10.255) in my networking career.
Sincerely
05-21-2005 10:28 AM
--quote--
:) A normal wildcard mask is always configured as .3, .15, .7, .31, 63, 127, 255.
Honestly, I have never seen this type of wildcard mask (0.0.10.255) in my networking career.
--unquote--
Ahh... all right, now I see what you mean.
After seeing it in binary, you're right. It's really unusual.
But dgham delivered a pretty good answer. Thanks for that. :-)
cheers
Andy
05-21-2005 10:16 AM
Access lists use wildcard masks meaning that a binary 1 in a bit position is a don't care, and a binary 0 is a must match.
In the 3rd octet mask you have 10, which is 00001010. Since the address for the 3rd octet is 0, this means that all address bits must be 0, except for the bits in the positions with the mask 1s.
The decimal values of those binary positions are 2 and 8. If we look at all possible combinations of those 2 bits, we will get the addresses that will pass.
In decimal those are 0,2,8,10, so those are the only values in the 3rd octet that will pass.
So your distribution filter will work, since the 196.1.0.0 is not being sent.
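Added example (not part of the original thread or any poster's code): the wildcard-mask rule described in the answer above, applied to the ten routes from the question. The function names are illustrative assumptions; the logic is only "mask bit 1 = don't care, mask bit 0 = must match".

```python
import ipaddress


def wildcard_match(address, base, wildcard):
    """True if address matches base under an IOS-style wildcard mask
    (mask bit 1 = don't care, mask bit 0 = must match)."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def octet_values(base_octet, mask_octet):
    """Every value of a single octet that a base/mask pair lets through."""
    care = ~mask_octet & 0xFF
    return [v for v in range(256) if (v & care) == (base_octet & care)]


def permitted(routes, base, wildcard):
    """Routes (network addresses) that the access-list entry would permit."""
    return [r for r in routes if wildcard_match(r, base, wildcard)]


# The ten RIP routes listed in the question, as network addresses.
ADVERTISED = [f"196.1.{n}.0" for n in range(1, 11)]

if __name__ == "__main__":
    # Third octet: base 0, mask 10 (00001010) -> only bits 2 and 8 are free.
    print("3rd octet values:", octet_values(0, 10))
    # Non-contiguous mask from the thread: picks three of the ten routes.
    print("0.0.10.255 permits:", permitted(ADVERTISED, "196.1.0.0", "0.0.10.255"))
    # A contiguous mask covering 0-15 in the third octet, for contrast.
    print("0.0.15.255 permits:", permitted(ADVERTISED, "196.1.0.0", "0.0.15.255"))
```

Note that 196.1.0.0 itself also matches the entry; the filter gives the wanted result only because that network is not among the advertised routes.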
05-21-2005 10:23 AM
:) Thanks for your explanation. I have totally got it.