Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
785
Views
3
Helpful
4
Replies

Extended ACL subnet issue

yasirahmed
Level 1
Level 1

‎11-03-2012 12:50 AM - edited ‎03-07-2019 09:50 AM

I am creating an extended access list in cisco 3560 as below

permit ip 10.65.1.0 0.1.255.255 host 10.0.0.1

permit ip 10.65.1.0 0.1.255.255 host 10.0.0.2

permit ip 10.65.1.0 0.1.255.255 host 10.0.0.3

But when I see the ACL by show ip access-list the subnet changes like below

permit ip 10.64.1.0 0.1.255.255 host 10.0.0.1

permit ip 10.64.1.0 0.1.255.255 host 10.0.0.2

permit ip 10.64.1.0 0.1.255.255 host 10.0.0.3

Labels:
0 Helpful
4 Replies 4

Raju Sekharan
Cisco Employee
Cisco Employee

‎11-03-2012 01:39 AM

Yasir,

It is becasue it corrected your statement rightly as below

permit ip 10.64.1.0 0.1.255.255 host 10.0.0.1

Your wild card mask is 0.1.255.255

your 2nd octect(00000001)  in wild card mask says to don't care that last bit in that octect. When you do that, your network statement should have 0 as last bit of your 2nd Octect

But 65 has last bit as 1.

65= 01000001 --- > last bit is one here

IOS corrected it by making the last bit as 0

64= 01000000

Thank you

Raju

yasirahmed
Level 1
Level 1
In response to Raju Sekharan

‎11-03-2012 01:44 AM

Thanks Raju for your kind reply. It means that i will face this issue for every subnet containing 5, i.e.

10.5.0.0 /23 will become 10.4.0.0 and

10.15.0.0/23 will become 10.14.0.0.

Now I understand why it was happening.Thankyou

0 Helpful

Raju Sekharan
Cisco Employee
Cisco Employee
In response to yasirahmed

‎11-03-2012 05:40 AM

Hi Yasir,

your original question was having sunbet /15. not /23

When you use /15, 2nd octect of the network has to be an even number

So subnet will be like below

10.0.0.0/15

10.2.0.0/15

10.4.0.0/15

10.6.0.0/15

10.8.0.0/15

.......

.......

10.254.0.0/15

Thanks

Raju

0 Helpful

Muhammad Thanveer
Level 5
Level 5
In response to Raju Sekharan

‎11-03-2012 04:09 AM 

Address:   10.65.1.0             00001010.0100000 1.00000001.00000000

Netmask:   255.254.0.0 = 15      11111111.1111111 0.00000000.00000000

Wildcard:  0.1.255.255           00000000.0000000 1.11111111.11111111

=>

Network:   10.64.0.0/15          00001010.0100000 0.00000000.00000000 (Class A)

Broadcast: 10.65.255.255         00001010.0100000 1.11111111.11111111

HostMin:   10.64.0.1             00001010.0100000 0.00000000.00000001

HostMax:   10.65.255.254         00001010.0100000 1.11111111.11111110 

Address:   10.65.1.0             00001010.0100000 1.00000001.00000000

Netmask:   255.254.0.0 = 15      11111111.1111111 0.00000000.00000000

Wildcard:  0.1.255.255           00000000.0000000 1.11111111.11111111

=>

Network:   10.64.0.0/15          00001010.0100000 0.00000000.00000000 (Class A)
Broadcast: 10.65.255.255         00001010.0100000 1.11111111.11111111
HostMin:   10.64.0.1             00001010.0100000 0.00000000.00000001
HostMax:   10.65.255.254         00001010.0100000 1.11111111.11111110

please rate helpful posts

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card