Cisco access lists ACL and wildcard mask

From Ever changing code

Wildcard mask

WILDCARD                    NETWORK MASK
0 - means match this bit    0 - host part of a network address
1 - means ignore this bit   1 - network bit; identifies the bits that must match for all hosts in the same subnet

Calculate wildcard mask

                   255.255.255.255
  subnet mask     -255.255.192.0
                  ---------------
  wildcard mask     0.  0. 63.255

Examples

                        pattern     wildcard
access-list 33 permit 198.51.100.58 0.0.0.63
IP packet evaluated   198.51.100.3

in binary
ACL IP pattern        198.51.100.58 11000110.00110011.01100100.00111010
Wildcard mask           0. 0.  0.63 00000000.00000000.00000000.00111111
Logic applied                       \   these bits must match   /\ ignore it/
                                     \ ________________________/  | can be |
                                                                  | 0 or 1 |
Range of addresses
matching         from 198.51.100.0  11000110.00110011.01100100.00000000
the rule:          to 198.51.100.63 11000110.00110011.01100100.00111111

IP packet evaluated   198.51.100.3  11000110.00110011.01100100.00000011  MATCH!

ACL abbreviations

any  =       0.0.0.0 255.255.255.255     # wildcard ignores all address bits
host = e.g. 10.0.0.2 0.0.0.0             # wildcard requires all address bits to match
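The wildcard calculation, the bitwise match shown in the Examples section and the any/host shorthands above, worked through in Python. This is an added example, not code from the wiki or from Cisco IOS; the function names are this example's own, and the addresses are the page's own values.

```python
# Added example: wildcard-mask arithmetic and ACL matching as described on this page.
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 255.255.255.255


def wildcard_from_mask(subnet_mask: str) -> str:
    """Wildcard = 255.255.255.255 - subnet mask, i.e. the bitwise inverse (255.255.192.0 -> 0.0.63.255)."""
    mask = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(mask ^ ALL_ONES))


def acl_matches(pattern: str, wildcard: str, packet_ip: str) -> bool:
    """A bit is compared where the wildcard bit is 0 and ignored where it is 1."""
    p = int(ipaddress.IPv4Address(pattern))
    w = int(ipaddress.IPv4Address(wildcard))
    x = int(ipaddress.IPv4Address(packet_ip))
    care = w ^ ALL_ONES  # positions with wildcard bit 0 must match
    return (p & care) == (x & care)


def acl_range(pattern: str, wildcard: str):
    """Lowest and highest address an entry covers: ignored bits all 0, then all 1."""
    p = int(ipaddress.IPv4Address(pattern))
    w = int(ipaddress.IPv4Address(wildcard))
    low = p & (w ^ ALL_ONES)   # pattern bits under the ignored positions are irrelevant
    high = p | w
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


# The shorthands from "ACL abbreviations", expanded to pattern/wildcard pairs.
ANY = ("0.0.0.0", "255.255.255.255")


def host(address: str):
    return (address, "0.0.0.0")


if __name__ == "__main__":
    print(wildcard_from_mask("255.255.192.0"))                        # 0.0.63.255
    print(acl_range("198.51.100.58", "0.0.0.63"))                     # ('198.51.100.0', '198.51.100.63')
    print(acl_matches("198.51.100.58", "0.0.0.63", "198.51.100.3"))   # True
    print(acl_matches("198.51.100.58", "0.0.0.63", "198.51.100.64"))  # False
    print(acl_matches(*ANY, "10.0.0.2"))                              # True
    print(acl_matches(*host("10.0.0.2"), "10.0.0.3"))                 # False
```

Note that `acl_range` shows why `permit 198.51.100.58 0.0.0.63` and `permit 198.51.100.0 0.0.0.63` are the same rule: the pattern bits under the ignored positions never take part in the comparison, which is worth remembering when reviewing an ACL for what it actually permits.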

Standard numbered ACL

Router(config)# access-list access-list-number { deny | permit | remark } source [ source-wildcard ][ log ]
Router(config-if)# ip access-group { access-list-number | access-list-name } { in | out }      !activates the numbered IP ACL on an interface

Standard named ACL

An ACL name cannot contain spaces or special characters; writing names in UPPER CASE is advised.

Router(config)# ip access-list standard name
Router(config-std-nacl)# { permit | deny | remark } source [ source-wildcard ] [ log ]
Router(config-if)# ip access-group name { in | out }     !activates the named IP ACL on an interface