12-15-2011 06:26 PM - edited 03-07-2019 03:55 AM
hi all,
I was reading about standard ACLs and came across that a standard ACL wildcard mask is optional? My understanding tells me that this could be true for classful IP. Appreciate if someone can expound on this topic. Below is an excerpt from what I've read. Thanks in advance!
source-wildcard (Optional) Wildcard bits to be applied to the source.
There are 2 ways to specify the source wildcard:
- Use a 32-bit quantity in 4-part, dotted-decimal format
- Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255
12-15-2011 09:27 PM
Hello John,
Based on logic I would say that it's optional when you are talking about a specific IP address (host); if you are talking about a subnet you will need to use a wildcard.
Example:
-Access-list 10 permit tcp 192.168.15.2 ( will permit traffic just for 192.168.15.2/)
-Access-list 10 permit tcp 192.168.10.0 0.0.0.255 ( will permit traffic for that subnet)
That's what they mean by saying it's optional.
Please rate helpful posts.
Kind regards,
Julio!!!
12-15-2011 11:26 PM
hi julio,
Thanks for the feedback! I do get it for the host ACL, but how about a classful network? Or is it safe to assume that the router knows or accepts a default wildcard mask? An example would be as below:
Router(config)#access-list 10 permit 192.168.15.0
I also wanted to correct your syntax:
Router(config)#access-list 10 permit host 192.168.15.2
12-16-2011 06:58 AM
Hello John,
Correct, I saw that I forgot the keyword host.
Regarding your question, again, if you are using a subnet (not a host) you will need to use the wildcard. The wildcard is optional because you can use instead the keyword host (1 IP address) or the keyword any (any IP address).
Do you see it now?
Regards,
Please rate helpful posts.
Julio
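An added example, not part of any poster's reply: a small Python model of how standard ACL source matching treats the forms discussed in this thread (`host`, `any`, an explicit wildcard, and an omitted wildcard). It assumes IOS treats an omitted wildcard as 0.0.0.0, so the classful-looking entry matches a single address only; the function names and the sample entries are constructed for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Return (action, address, wildcard) for one standard ACL line."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not a standard ACL entry: " + line)
    action, src = tok[2], tok[3:]
    if src == ["any"]:
        # 'any' abbreviates 0.0.0.0 255.255.255.255 (no bit has to match)
        return action, 0, 0xFFFFFFFF
    if len(src) == 2 and src[0] == "host":
        return action, to_int(src[1]), 0
    if len(src) == 1:
        # Assumption: an omitted wildcard is treated as 0.0.0.0 (exact match)
        return action, to_int(src[0]), 0
    if len(src) == 2:
        return action, to_int(src[0]), to_int(src[1])
    raise ValueError("unsupported source: " + " ".join(src))

def evaluate(acl, source_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = to_int(source_ip)
    for line in acl:
        action, addr, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF  # wildcard 0-bits are the bits that must match
        if (ip & care) == (addr & care):
            return action
    return "deny"

# Constructed sample entries based on the addresses used in the thread
OMITTED = ["access-list 10 permit 192.168.15.0"]
WITH_WILDCARD = ["access-list 10 permit 192.168.15.0 0.0.0.255"]

if __name__ == "__main__":
    for name, acl in (("omitted", OMITTED), ("with wildcard", WITH_WILDCARD)):
        print(name, "->", evaluate(acl, "192.168.15.2"))
```

On a real device, `show access-lists` displays how each entry was stored, which is the quickest check that an entry covers the subnet intended rather than one address.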
12-16-2011 03:56 PM
Hi Julio,
I gotcha. Thanks!
Sent from Cisco Technical Support iPhone App
12-16-2011 04:02 PM
Hello John,
My pleasure...
Any other question just let me know.
Kind regards,
Julio