cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

485
Views
3
Helpful
4
Replies
Highlighted
Beginner

Extended ACL subnet issue

I am creating an extended access list in cisco 3560 as below

permit ip 10.65.1.0 0.1.255.255 host 10.0.0.1

permit ip 10.65.1.0 0.1.255.255 host 10.0.0.2

permit ip 10.65.1.0 0.1.255.255 host 10.0.0.3

But when I see the ACL by show ip access-list the subnet changes like below

permit ip 10.64.1.0 0.1.255.255 host 10.0.0.1

permit ip 10.64.1.0 0.1.255.255 host 10.0.0.2

permit ip 10.64.1.0 0.1.255.255 host 10.0.0.3

Everyone's tags (3)
4 REPLIES 4
Cisco Employee

Extended ACL subnet issue

Yasir,

It is becasue it corrected your statement rightly as below

permit ip 10.64.1.0 0.1.255.255 host 10.0.0.1

Your wild card mask is 0.1.255.255

your 2nd octect(00000001)  in wild card mask says to don't care that last bit in that octect. When you do that, your network statement should have 0 as last bit of your 2nd Octect

But 65 has last bit as 1.

65= 01000001 --- > last bit is one here

IOS corrected it by making the last bit as 0

64= 01000000

Thank you

Raju

Beginner

Extended ACL subnet issue

Thanks Raju for your kind reply. It means that i will face this issue for every subnet containing 5, i.e.

10.5.0.0 /23 will become 10.4.0.0 and

10.15.0.0/23 will become 10.14.0.0.

Now I understand why it was happening.Thankyou

Cisco Employee

Extended ACL subnet issue

Hi Yasir,

your original question was having sunbet /15. not /23

When you use /15, 2nd octect of the network has to be an even number

So subnet will be like below

10.0.0.0/15

10.2.0.0/15

10.4.0.0/15

10.6.0.0/15

10.8.0.0/15

.......

.......

10.254.0.0/15

Thanks

Raju

Contributor

Extended ACL subnet issue

Address:   10.65.1.0             00001010.0100000 1.00000001.00000000
Netmask:   255.254.0.0 = 15      11111111.1111111 0.00000000.00000000
Wildcard:  0.1.255.255           00000000.0000000 1.11111111.11111111
=>

Network:   10.64.0.0/15          00001010.0100000 0.00000000.00000000 (Class A)

Broadcast: 10.65.255.255         00001010.0100000 1.11111111.11111111

HostMin:   10.64.0.1             00001010.0100000 0.00000000.00000001

HostMax:   10.65.255.254         00001010.0100000 1.11111111.11111110

Address:   10.65.1.0             00001010.0100000 1.00000001.00000000
Netmask:  
255.254.0.0 = 15      11111111.1111111 0.00000000.00000000
Wildcard: 
0.1.255.255           00000000.0000000 1.11111111.11111111
=>

Network:   10.64.0.0/15          00001010.0100000 0.00000000.00000000 (Class A)
Broadcast: 10.65.255.255         00001010.0100000 1.11111111.11111111
HostMin:   10.64.0.1             00001010.0100000 0.00000000.00000001
HostMax:   10.65.255.254         00001010.0100000 1.11111111.11111110

please rate helpful posts

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

CreatePlease to create content
Content for Community-Ad