Unusual Access List wildcard

kimtoovey · ‎05-23-2011

Hi all,

Didn't want it to come to this but I am stumped by a ACL that is using a mask of 0.255.240.7. This does not fit with my understanding of valid masks...

I am working with some existing config and trying to understand what is going on. It is as though the mask was written to capture certain ranges of 3rd and 4th octet. However it is as thought the mask starts as a wildcard and then tries to be a SM and then back to WildCard...

Please educate me.

Thotsaphon Lueangwattanaphong · ‎05-23-2011

Hi,

Please post the actual ACLs. Seems we are going to do the math on this problem.

Toshi

cadet alain · ‎05-23-2011

Hi,

wildcard masks must be interpreted in binary where bits turned on mean don't care about these positions in the ip address.

So here 0.255.40.7 in binary is 00000000.11111111.00101000.00000111

So the first 8 bits must be equal, you don't care about the next 8 bits then the next 2 must be equal as well as 4th, 6th, 7th and 8th, then in final octet you don't care about the last 3 bits.

But as toshi said we need the ACL to calculate which IPs we are masking.

Regards.

Alain.

Don't forget to rate helpful posts.

kimtoovey · ‎05-23-2011

Hi again,

Thanks for the reply.

It's permit udp 10.0.12.8 0.255.240.7 any range 5004 5005

I guess I have never attempted anything this specific before.

milan.kulik · ‎05-23-2011

Hi,

using a nice free Boson Wildcard mask checker tool:

"IP Address: 10.0.12.8
Wildcard mask: 0.255.240.7

First Octet Match(es)
10

Second Octet Match(es)
0- 255

Third Octet Match(es)
12
28
44
60
76
92
108
124
140
156
172
188
204
220
236
252

Fourth Octet Match(es)
8- 15"

HTH,

Milan