04-07-2011 08:27 PM - edited 03-06-2019 04:30 PM
This should be an easy question. For SSH access:
Why does this work?
Standard IP access list 2
10 permit 172.16.2.0, wildcard bits 0.0.0.3 log
20 permit 172.16.1.32, wildcard bits 0.0.0.31 (6 matches)
30 permit 208.x.x.0, wildcard bits 0.0.0.255 log
40 permit 172.16.1.0, wildcard bits 0.0.0.31
50 permit 172.16.1.64, wildcard bits 0.0.0.31
And this not?
Standard IP access list 2
10 permit 172.16.2.0, wildcard bits 0.0.0.3 log
20 permit 172.16.1.0, wildcard bits 0.0.0.95
30 permit 208.x.x.0, wildcard bits 0.0.0.255 log
Same goes for NAT. Are summaries not accepted?
04-07-2011 10:09 PM
Daniel
Am I correct in assuming that your second access list is an attempt to summarize these entries from your first access list:
permit 172.16.1.0, wildcard bits 0.0.0.31
permit 172.16.1.32, wildcard bits 0.0.0.31
permit 172.16.1.64, wildcard bits 0.0.0.31
The correct statement for this summary (assuming that you want all 3 subnets summarized in a single statement) would be
permit 172.16.1.0, wildcard bits 0.0.0.127
but you are using this
permit 172.16.1.0, wildcard bits 0.0.0.95
I am not sure where the 0.0.0.95 comes from. I note that 95 is the last address of the last range that you use (172.16.1.64) but am not sure if that is why you used it.
The incorrect mask is why it is not working.
Summaries are certainly accepted - when the mask accurately describes the range to be summarized.
HTH
Rick
04-08-2011 05:56 AM
Got it, I see my mistake. I didn't know it had to be summarized like a summary route. I thought it could be more specific by specifying the beginning and ending IP.
Thanks,
Daniel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide