Extended ACL: host 0.0.0.0 vs any

ivar johansen
Level 1

I need to add a rule to my VTY access-list and I would like to know if there is any real difference between these two rules:

access-list 100 permit tcp 10.24.24.0 0.0.0.255 host 0.0.0.0 range 22 telnet

access-list 100 permit tcp 10.24.24.0 0.0.0.255 any range 22 telnet

Kind Regards,

Ivar

3 Replies

player9
Level 1

Hello Ivar,

If I'm not mistaken, 0.0.0.0 matches the default route so

a) says "source 10.24.24.0/24 dest def.route"

and b) says "source 10.24.24.0/24 dest any", and I'm guessing that's what you want

cadet alain
VIP Alumni

Hi,

You should use a standard ACL to link to a vty access-class; using an extended one may generate some weird behavior.

Regards

Alain

Don't forget to rate helpful posts.

patrick.preuss
Level 1

Hi

The 0.0.0.0 is a valid IP address with some special meaning,

RFC 5735

 0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
   network.  Address 0.0.0.0/32 may be used as a source address for this
   host on this network; other addresses within 0.0.0.0/8 may be used to
   refer to specified hosts on this network ([RFC1122], Section
   3.2.1.3).

For example, DHCP and routing use 0.0.0.0 with a netmask of 0.0.0.0 for the default route,

and "any" is a keyword in the config.

Any in an ACL can be written as 0.0.0.0/255.255.255.255, not as host 0.0.0.0; this is different.

The wildcard mask behind host in an ACL is 0.0.0.0.

The meaning comes with the netmask or the wildcard mask.

The wildcard mask is the logical opposite of a netmask.
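To make the difference between `host 0.0.0.0` (wildcard 0.0.0.0, matches only the address 0.0.0.0) and `any` (0.0.0.0 with wildcard 255.255.255.255, matches every address) concrete, here is an added Python example, not from the original thread or from Cisco, that parses the two ACEs from the question and evaluates them with Cisco wildcard-mask semantics. The sample connection endpoints (source 10.24.24.5, destination 192.0.2.1, a documentation address) are constructed for the demonstration; the tiny port-name table is an assumption covering only the keywords used on the page.

```python
import ipaddress

# Cisco port keywords appearing in the question (assumed minimal table)
PORT_NAMES = {"telnet": 23, "ssh": 22}

# The two ACEs from the question, verbatim
ACE_HOST_ZERO = "access-list 100 permit tcp 10.24.24.0 0.0.0.255 host 0.0.0.0 range 22 telnet"
ACE_ANY = "access-list 100 permit tcp 10.24.24.0 0.0.0.255 any range 22 telnet"


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match the base, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_addr(tokens, i):
    """Consume 'any', 'host X' or 'X WILDCARD'; return ((base, wildcard), next index)."""
    if tokens[i] == "any":                    # any == 0.0.0.0 255.255.255.255
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tokens[i] == "host":                   # host X == X 0.0.0.0
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_ace(line: str) -> dict:
    """Parse 'access-list N permit tcp SRC DST [range LO HI]' (subset used on the page)."""
    t = line.split()
    ace = {"action": t[2], "proto": t[3], "ports": None}
    ace["src"], i = parse_addr(t, 4)
    ace["dst"], i = parse_addr(t, i)
    if i < len(t) and t[i] == "range":
        lo, hi = (PORT_NAMES.get(p, p) for p in t[i + 1:i + 3])
        ace["ports"] = (int(lo), int(hi))
    return ace


def ace_matches(ace: dict, src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """True if the TCP flow src_ip -> dst_ip:dst_port is matched by the ACE."""
    return (wildcard_match(src_ip, *ace["src"])
            and wildcard_match(dst_ip, *ace["dst"])
            and (ace["ports"] is None or ace["ports"][0] <= dst_port <= ace["ports"][1]))


def compare(src_ip: str, dst_ip: str, dst_port: int) -> tuple:
    """Evaluate the same flow against both ACEs: (host 0.0.0.0 result, any result)."""
    return (ace_matches(parse_ace(ACE_HOST_ZERO), src_ip, dst_ip, dst_port),
            ace_matches(parse_ace(ACE_ANY), src_ip, dst_ip, dst_port))


if __name__ == "__main__":
    print(compare("10.24.24.5", "192.0.2.1", 22))   # (False, True): host 0.0.0.0 never matches a real destination
```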