ACL Permit Any Matching Only Wildcard

jkstinn
Level 1

My predecessor implemented a few ACL statements which I am unfamiliar with. Several start off with the below statements.

permit udp 0.0.0.0 255.255.255.248 any eq 1985
permit udp 0.0.0.0 255.255.255.248 eq ntp any
permit icmp 0.0.0.0 255.255.255.248 0.0.0.0 255.255.255.248
permit ip 0.0.0.0 255.255.255.248 0.0.0.0 255.255.255.248 

I am trying to figure out how these statements work. Is the entry supposed to match any host as long as the subnet mask matches and the last 2 bits of the IP address are set? I've tried searching for other examples, but all are either ANY or "0.0.0.0 255.255.255.255".

Thanks!

Accepted Solution

MaxShantar
Cisco Employee

Those ACLs allow UDP traffic with a destination port of 1985, NTP traffic, ICMP traffic, and any IP traffic.

The first two statements allow UDP traffic with a destination port of 1985 or NTP traffic. The third statement allows all ICMP traffic. The fourth statement allows all IP traffic.

The '0.0.0.0 255.255.255.248' notation is the source address and the subnet mask. In this case, the subnet mask is '255.255.255.248', which indicates that the first 29 bits are fixed and the last 3 bits are variable. This allows for a range of 8 possible IP addresses, all within the same subnet. The any keyword in the destination address field means that the traffic can be sent to any destination address.

In the first two statements, the 'eq' keyword specifies that the traffic is allowed only if the destination port matches the specified port number (1985 or NTP). In the third and fourth statements, the '0.0.0.0 255.255.255.248' notation in the destination address field indicates that the traffic is allowed to be sent to any destination address within the specified subnet.
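An added example, written for this thread rather than taken from any post in it, that implements the IOS wildcard-mask test the quoted entries rely on: in an IOS ACL the second field is a wildcard mask, where a 1 bit means "don't care" and a 0 bit means that bit must equal the base address, so `0.0.0.0 255.255.255.248` matches every address whose last three bits are zero, in any network. The parser handles only the syntax that appears in the four quoted lines; the packet addresses in the test are constructed samples.

```python
import ipaddress

ACL = [  # the four entries quoted in the question
    "permit udp 0.0.0.0 255.255.255.248 any eq 1985",
    "permit udp 0.0.0.0 255.255.255.248 eq ntp any",
    "permit icmp 0.0.0.0 255.255.255.248 0.0.0.0 255.255.255.248",
    "permit ip 0.0.0.0 255.255.255.248 0.0.0.0 255.255.255.248",
]
PORT_NAMES = {"ntp": 123}  # the only IOS port keyword these entries use

def addr_matches(address, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard is 'don't care';
    a 0 bit means that bit of the address must equal the base address."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (address, base, wildcard))
    care = 0xFFFFFFFF & ~w
    return (a & care) == (b & care)

def matched_fraction(wildcard):
    """Share of the whole IPv4 space that any base address with this wildcard matches."""
    ones = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return 2 ** ones / 2 ** 32

def _parse_endpoint(tokens):
    """Consume one address spec ('any' or 'A WILDCARD') plus an optional 'eq PORT'."""
    tok = tokens.pop(0)
    spec = ("0.0.0.0", "255.255.255.255") if tok == "any" else (tok, tokens.pop(0))
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        port = PORT_NAMES.get(name) or int(name)
    return spec, port

def parse_ace(line):
    action, proto, *rest = line.split()
    src, sport = _parse_endpoint(rest)
    dst, dport = _parse_endpoint(rest)
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def first_match(acl, proto, src, dst, sport=None, dport=None):
    """Index of the first entry matching the packet, or None (implicit deny)."""
    for i, ace in enumerate(parse_ace(line) for line in acl):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (addr_matches(src, *ace["src"]) and addr_matches(dst, *ace["dst"])):
            continue
        if ace["sport"] not in (None, sport) or ace["dport"] not in (None, dport):
            continue
        return i
    return None
```

Because the base is 0.0.0.0 and every bit except the last three is wildcarded, each of these entries matches one address in eight from any network rather than one /29, so the `permit ip` line is close to a permit-any and is worth reviewing against what the predecessor actually intended.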



Max,

Thank you for the reply.  Makes a bit more sense now, not knowing exactly how that mask would work.
