Access-list 1 permit 186.145.65.12 0.0.0.0
or
Access-list 1 permit 186.145.65.12 (standard access lists assume a 0.0.0.0 mask)

For Extended Access-lists
Access-list 101 permit ip 186.145.65.12 0.0.0.0 any
or
Access-list 101 permit ip host 186.145.65.12 any

2. MATCH AN ENTIRE SUBNET
Wildcard mask = 255.255.255.255 – (minus) the subnet mask

Example 1
Given 42.64.86.0 subnet mask 255.255.255.0
255.255.255.255 - subnet mask 255.255.255.0 = Wildcard mask 0.0.0.255
Access-list 1 permit 42.64.86.0 0.0.0.255

Example 2
Given 202.22.66.99 subnet mask 255.255.255.240
255.255.255.255 - subnet mask 255.255.255.240 = Wildcard mask 0.0.0.15
Access-list 1 permit 202.22.66.99 0.0.0.15

Example 3
Given 55.66.77.0 subnet mask 255.255.224.0
255.255.255.255 - subnet mask 255.255.224.0 = Wildcard mask 0.0.31.255
Access-list 1 permit 55.66.77.0 0.0.31.255

Example 4
Given 211.95.32.128 subnet mask 255.255.255.248
255.255.255.255 - subnet mask 255.255.255.248 = Wildcard mask 0.0.0.7
Access-list 1 permit 211.95.32.128 0.0.0.7

3. MATCH A RANGE (WITHIN A SINGLE (SUB)NETWORK)
To Find Wildcard Mask, take the HIGHER (end of the range) minus the LOWER (end of the range):

Example 1
Match the range from 132.43.48.0 to 132.43.63.255
132.43.63.255 - 132.43.48.0 = Wildcard mask 0.0.15.255
Access-list 1 permit 132.43.48.0 0.0.15.255

Example 2
Match the range from 132.43.16.32 to 132.43.31.63
132.43.31.63 - 132.43.16.32 = Wildcard mask 0.0.15.31
Access-list 1 permit 132.43.16.32 0.0.15.31

Pay Attention! Now hear this:
Each Wildcard mask value must be ONE LESS than a power of 2 using this approach.
(i.e. one of these: 0, 1, 3, 7, 15, 31, 63, 127, 255)
You will have to create a couple of ranges if this condition is not met.

4. MATCH EVERYONE
Access-list 1 permit any
or
Access-list 1 permit 0.0.0.0 255.255.255.255
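
The range rule in section 3 can be checked mechanically. The Python below is an added example, not part of the original page: it reproduces both subtraction formulas, tests what an address/wildcard pair actually matches, and splits a range into several entries when a single wildcard would permit too much or too little. The function names and the 192.0.2.x range are constructed for illustration; that range passes the power-of-2 check but its lower end is not on a block boundary, which is a second condition a single entry needs.

```python
import ipaddress

def wildcard_from_subnet(mask):
    """255.255.255.255 minus the subnet mask, octet by octet."""
    return ".".join(str(255 - int(o)) for o in mask.split("."))

def wildcard_from_range(low, high):
    """HIGHER end of the range minus LOWER end, as a dotted quad."""
    diff = int(ipaddress.IPv4Address(high)) - int(ipaddress.IPv4Address(low))
    return str(ipaddress.IPv4Address(diff))

def octets_ok(wildcard):
    """True if every octet is one less than a power of 2 (0, 1, 3, ... 255)."""
    return all((int(o) & (int(o) + 1)) == 0 for o in wildcard.split("."))

def acl_matches(address, wildcard, candidate):
    """Wildcard test: 1 bits are ignored, 0 bits must equal the entry's bits."""
    a, w, c = (int(ipaddress.IPv4Address(x)) for x in (address, wildcard, candidate))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (c & care)

def acl_for_range(low, high, acl=1):
    """Split low..high into aligned blocks; one permit line per block."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(low), ipaddress.IPv4Address(high))
    return [f"access-list {acl} permit {b.network_address} {b.hostmask}"
            for b in blocks]

if __name__ == "__main__":
    # Page example: the range is aligned, so one entry is exact.
    print(acl_for_range("132.43.48.0", "132.43.63.255"))
    # Constructed range (RFC 5737 documentation addresses): 23 - 8 = 15 passes
    # the power-of-2 check, but 8 is not a multiple of 16.
    low, high = "192.0.2.8", "192.0.2.23"
    wc = wildcard_from_range(low, high)
    print(wc, octets_ok(wc))
    print(acl_matches(low, wc, "192.0.2.3"))    # outside the range, yet matched
    print(acl_matches(low, wc, "192.0.2.20"))   # inside the range, not matched
    for line in acl_for_range(low, high):
        print(line)
```

For the constructed range, the single entry from subtraction would permit 192.0.2.0 through 192.0.2.15 instead of .8 through .23; the two generated entries with wildcard 0.0.0.7 cover exactly the intended addresses.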