Re: ACL with host keyword

jsremi001 · ‎03-10-2019

Hi,

I would like to understand the host keyword mentioned ACLs logic and the procedure to use them in blocking subnets from redistribution. (Below is the example ACL)

10 permit ip host 100.0.0.0 host 255.0.0.0

Kindly give an example

Regards,

Antro

balaji.bandi · ‎03-10-2019

here is the example both works in same way (Host means single host)

Access-list 30 permit host 10.10.10.10 " and "access-list 30 permit 10.10.10.10 0.0.0.0" mean exactly the same thing

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

luis_cordova · ‎03-10-2019

Hi @jsremi001 ,

In the ACL logic, the wildcard mask is used to delimit the IP addresses that will be examined by the ACL statement.

In the case of the keyword host, this is used when the ACL statement must match a single IP address, be it of origin and / or

For example, an ACL that allows all traffic from a specific IP address to another specific IP address could be so:

permit ip 192.168.100.10 0.0.0.0 172.16.32.13 0.0.0.0

But, using the keyword host:

permit ip host 192.168.100.10 host 172.16.32.13

Remember to mark the correct answers as solved, since that helps other users with similar doubts

Regards

jsremi001 · ‎03-10-2019

What will be the result of ""10 permit ip host 100.0.0.0 any ""?

luis_cordova · ‎03-10-2019

Hi @jsremi001 ,

permit:

The traffic of the packages that match the IP addresses indicated below will be allowed.

ip:

the traffic of any protocol

host 100.0.0.0

only the originating traffic of this IP address coincides and will be allowed or denied as indicated above

any

the keyword any indicates that every IP address, source or destination, matches this ACL

In short, the traffic of any protocol, which has its origin IP address 100.0.0.0 and is directed to any IP address it will be allowed.

Remember to mark the correct answers as solved, since that helps other users with similar doubts

Regards