Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
1
Replies

Standard and Extended ACL does not verify Subnet mask

mahesh18
Level 6
Level 6

‎03-05-2012 11:49 AM - edited ‎03-07-2019 05:21 AM

Hi all,

I was reading about EIGRP  redistribution and ACL  used in that.

Can some one please  explain me about this----with example

A standard ACL  and Extended ACL checks only the network's address. It does not verify its netmask or any other attribute.???????????????

My understanding is this correct me if i am wrong --

if we apply ACL say standard  we put network address and wildcard mask.

say for example we use

access-list 1 permit 15.15.32.0    0.0.15.255

where 15.15.32.0 is network address

0.0. 15.255 is wildcard mask

so this will permit any IP address which starts with 15.15 right?

Thanks

MAhesh

Labels:
0 Helpful
1 Reply 1

Axel Luttgens
Level 1
Level 1

‎03-06-2012 08:25 AM

Hello,

Wildcard mask 0.0.15.255 corresponds to network mask 255.255.240.0, or /20.

So, your 15.15.32.0 0.0.15.255 combination designates ip addresses 15.15.32.0 (network) to 15.15.47.255 (broadcast).

And yes, your ACL should take the wildcard mask into account and honor that range.

HTH,

Axel

0 Helpful
Customers Also Viewed These Support Documents