
Is this wildcard mask including this specific address?

news2010a
Level 3

Imagine I want to allow traffic from networks, including 150.59.228.101/24 onto my router. Someone suggested the access-list below but I am not sure if this looks right:

They suggest:

permit ip any 150.59.224.0 0.0.192.255
permit ip any 150.59.232.0 0.0.192.255

Is this going to include traffic from 150.59.228.101/24?

I am aware that matches for the third and fourth octet will be the below, therefore I don't think it includes ".228.101/24". Do you agree this access-list is wrong?

Third Octet Match(es): 40, 104, 168, 232

Fourth Octet Match(es): 0-255


Richard Burts
Hall of Fame

Marlon

There are a few things in your post that need some clarification. You ask about 150.59.228.101/24, and if you really want /24 then any address in the fourth octet would be included and it would be written as 150.59.228.0/24. And if you really want the specific host address of 150.59.228.101 then it is a /32.

I am not clear how you came up with the matches in the third octet that you mention. And I do not believe that the mask of 0.0.192.255 will produce the results that you want. If you really want /24 then it should be written as permit ip any 150.59.228.0 0.0.0.255, and if you really want the address 150.59.228.101 then it would be written as permit ip any 150.59.228.101 0.0.0.0

HTH

Rick

Rick Morris
Level 6

Yes, the ACL is wrong for use with wildcards.

What you need to allow the entire /24 is

permit ip any 150.59.228.0 0.0.0.255

If you want just the host you specified above, then:

permit ip any host 150.59.228.101

If there is something you need in a larger block then it would be something entirely different.

We would need to know the subnet you are wanting in order to provide the correct wildcard mask.
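
Added example, not part of the original thread: a Python check of Cisco wildcard-mask matching (a 1 bit in the wildcard means "ignore this bit") run against the two suggested entries and the /24 entry from the replies. The function names and the 150.59.96.7 test address are constructed for illustration.

```python
import ipaddress

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def octet_matches(base_octet, wildcard_octet):
    """All values of one octet that an entry accepts."""
    care = ~wildcard_octet & 0xFF
    return [v for v in range(256) if (v & care) == (base_octet & care)]

def is_contiguous(wildcard):
    """True when the wildcard is an inverted subnet mask (all 0 bits, then all 1 bits)."""
    w = _u32(wildcard)
    return (w & (w + 1)) == 0

def first_match(addr, entries):
    """Index of the first (base, wildcard) entry matching addr, or None."""
    for i, (base, wildcard) in enumerate(entries):
        if wildcard_match(addr, base, wildcard):
            return i
    return None

# The two entries suggested in the question, and the /24 entry from the replies.
SUGGESTED = [("150.59.224.0", "0.0.192.255"), ("150.59.232.0", "0.0.192.255")]
REPLY_24 = [("150.59.228.0", "0.0.0.255")]

if __name__ == "__main__":
    for base, wc in SUGGESTED + REPLY_24:
        third = octet_matches(int(base.split(".")[2]), int(wc.split(".")[2]))
        print(base, wc, "contiguous:", is_contiguous(wc), "third octet:", third)
    for addr in ("150.59.228.101", "150.59.96.7"):  # second address is constructed
        print(addr, "suggested:", first_match(addr, SUGGESTED),
              "reply /24:", first_match(addr, REPLY_24))
```

Besides missing 150.59.228.101, the discontiguous 0.0.192.255 wildcard also matches third octets such as 96 and 160, so an entry like this permits networks that were never intended.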
