12-15-2022 06:28 PM
My predecessor implemented a few ACL statements which I am unfamiliar with. Several start off with the below statements.
permit udp 0.0.0.0 255.255.255.248 any eq 1985
permit udp 0.0.0.0 255.255.255.248 eq ntp any
permit icmp 0.0.0.0 255.255.255.248 0.0.0.0 255.255.255.248
permit ip 0.0.0.0 255.255.255.248 0.0.0.0 255.255.255.248
I am trying to figure out how these statements work. Is the entry supposed to match any host as long as the subnet mask matches and the last 2 bits of the IP address are set? I've tried searching for other examples, but all are either ANY or "0.0.0.0 255.255.255.255".
Thanks!
12-16-2022 07:34 AM
Those ACLs allow UDP traffic with a destination port of 1985, NTP traffic, ICMP traffic, and any IP traffic.
The first two statements allow UDP traffic with a destination port of 1985 or NTP traffic. The third statement allows all ICMP traffic. The fourth statement allows all IP traffic.
The '0.0.0.0 255.255.255.248' notation is the source address and the subnet mask. In this case, the subnet mask is '255.255.255.248', which indicates that the first 29 bits are fixed and the last 3 bits are variable. This allows for a range of 8 possible IP addresses, all within the same subnet. The any keyword in the destination address field means that the traffic can be sent to any destination address.
In the first two statements, the 'eq' keyword specifies that the traffic is allowed only if the destination port matches the specified port number (1985 or NTP). In the third and fourth statements, the '0.0.0.0 255.255.255.248' notation in the destination address field indicates that the traffic is allowed to be sent to any destination address within the specified subnet.
12-19-2022 08:30 PM
Max,
Thank you for the reply. Makes a bit more sense now, not knowing exactly how that mask would work.