General discussion


Cisco ACL's

By deleon111 ·
I'm trying to figure out how wildcard mask works if i want to deny or permit the addresses within a subnet,for example, in the subnet to I know the wildcard mask is,ok but how is it able to know the range of addresses within that subnet? is it because the addresses within that subnet all start with the same binary digit? and if so why it doesn't work in subnet to can sombody please give me a brief explanation on wildcard masksand how they work!

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Comments

Collapse -

Wildcard mask from cisco

by davidkestner In reply to Cisco ACL's

I made two parts to this reply. One is an example from cisco ccna. The other is in my own words.
access-list 1 deny
access-list 1 permit
(implicit deny any)

The example below shows how anACL is designed to block traffic from a specific address,, and to allow all other traffic to be forwarded on interface Ethernet 0. The first access-list command uses the deny parameter to deny traffic from the identified host. The address mask in this line requires the test to match all bits.

In the second access-list command, the IP address/ wildcard mask combination identifies traffic from any source. This combination can also be written usingthe keyword any. All zeros in the address indicate a placeholder, and all ones in the wildcard mask indicate that all 32 bits will not be checked in the source address. Any packet that does not match the first line of the ACL will match the second one and be forwarded.

The second part. There are two types of access lists: standard and extended. To limit the range of the deny or permit extended is needed. example:
access-list 101 permit ip eq 21
access_list 101 permit ip

Back to IT Employment Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums