andrew

All 3 statements are unusual and not standard ways of writing access list entries. But as far as I can tell they are valid - if they are configured on a router I think it would not generate a syntax error. But the non-standard masks used make it very difficult to determine what will match.

Bear in mind that in the access list mask a binary 0 means that the bits must match and a binary 1 means that the bits do not need to match. So in the first statement:

permit tcp 10.16.8.0 0.0.0.64 host 10.1.2.16

the mask of 0.0.0.64 for the source address has 31 binary 0 and a single binary 1. So effectively there are 2 addresses that will match this: 10.16.8.0 and 10.16.8.64.

The second statement seems to be for a standard access list rather than an extended access list since there is a single address and a single mask. Again the mask used is quite unusual and what it will match is irregular. The statement is:

Permit 10.16.0.0 0.4.255.255

and with this mask the first octet must be 10, the last 2 octets can be anything and since the second octet of the mask has a single binary 1 it will match 2 addresses - 16 and 20.

The last statement is even more unusual. It is:

permit ip 10.16.0.0 0.3.255.127 10.16.8.0 0.0.7.255

The mask of 0.3.255.127 indicates that the first octet must be 10, the second octet can be 16, or 17, or 18, or 19. The third octet can be anything. The fourth octet can be anytung except 0 and 128.

HTH

Rick