Feb 9 / Greg

Cisco – Absence Of A Wildcard Mask In An ACL

If I have a standard ACL entry like this:

access-list 98 deny 10.0.0.0
access-list 98 permit any

and I apply it to an interface, what addressing does this block?

One might think that leaving off the wildcard mask would use the classful boundary (/8, or 0.255.255.255) of the address… but one would be wrong. In IOS, if you leave off the wildcard mask, a wildcard mask of 0.0.0.0 is assumed. The address is therefore treated as a host address (a single IP address), and every other address in 10.0.0.0/8 falls through to the permit any line. The first line equates to:

access-list 98 deny 10.0.0.0 0.0.0.0

or

access-list 98 deny host 10.0.0.0
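
To see the effect on actual traffic, here is an added example (not from the original post, and not Cisco code) that models standard-ACL matching in Python and evaluates the ACL above next to a version with the 0.255.255.255 wildcard written out. The function names and the second ACL are constructed for the comparison; the parser only handles the entry forms shown in this post plus `any`.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' (standard ACL)."""
    tok = line.split()
    action, src = tok[2], tok[3:]
    if src[0] == "any":
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif src[0] == "host":
        addr, wild = src[1], "0.0.0.0"
    else:
        # Omitted wildcard defaults to 0.0.0.0 (a single host), as described above.
        addr, wild = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
    return action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def evaluate(acl_lines, source_ip):
    """Return 'permit' or 'deny' for source_ip; first matching entry wins."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        action, addr, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if (ip & care) == (addr & care):
            return action
    return "deny"  # implicit deny at the end of every ACL

# The ACL from this post: no wildcard mask on the deny line.
ACL_AS_WRITTEN = [
    "access-list 98 deny 10.0.0.0",
    "access-list 98 permit any",
]

# Constructed for comparison: what the author probably intended (all of 10/8).
ACL_WITH_WILDCARD = [
    "access-list 98 deny 10.0.0.0 0.255.255.255",
    "access-list 98 permit any",
]

if __name__ == "__main__":
    # Constructed sample source addresses.
    for ip in ("10.0.0.0", "10.1.2.3", "10.255.255.254", "192.168.1.1"):
        print(f"{ip:16} as written: {evaluate(ACL_AS_WRITTEN, ip):7}"
              f" with wildcard: {evaluate(ACL_WITH_WILDCARD, ip)}")
```
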