netmask and access-list?

Discussion in 'Cisco' started by Captain, Jul 10, 2003.

  1. Captain

    Captain Guest

    Normally to define a a full class c subnet
    I would use:

    192.168.1.0 netmask 255.255.255.0

    However, when defining an access-list,
    the same group of IPs would be:

    access-list 150 permit ip 192.168.1.0 0.0.0.255

    Why the reverse in the netmask?


    Also, if I want to define an access-list
    for just the last 64 IPs of a class C, what
    would the mask be?

    ie.
    192.168.1.192 netmask 255.255.255.192
     
    Captain, Jul 10, 2003
    #1
    1. Advertising

  2. In article <>,
    Captain <> wrote:
    >Normally to define a a full class c subnet
    >I would use:
    >
    >192.168.1.0 netmask 255.255.255.0
    >
    >However, when defining an access-list,
    >the same group of IPs would be:
    >
    >access-list 150 permit ip 192.168.1.0 0.0.0.255
    >
    >Why the reverse in the netmask?


    It's not a netmask, it's a wildcard bitmask. The choice of whether to use
    0's or 1's to indicate the don't-care bits is arbitrary, and Cisco decided
    to do it this way for whatever reasons they had over 15 years ago.

    >Also, if I want to define an access-list
    >for just the last 64 IPs of a class C, what
    >would the mask be?
    >
    >ie.
    >192.168.1.192 netmask 255.255.255.192


    permit ip 192.168.1.192 0.0.0.63

    Basically, just subtract the octets in the netmask from 255 to get the
    wildcard mask that matches all the addresses in the subnet.

    --
    Barry Margolin,
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
     
    Barry Margolin, Jul 10, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Walter Roberson

    netmask calculation trick

    Walter Roberson, Jan 31, 2004, in forum: Cisco
    Replies:
    4
    Views:
    5,125
    Walter Roberson
    Feb 2, 2004
  2. Pete Mainwaring

    Default Netmask on VPN Client

    Pete Mainwaring, Feb 19, 2004, in forum: Cisco
    Replies:
    0
    Views:
    3,841
    Pete Mainwaring
    Feb 19, 2004
  3. PS2 gamer
    Replies:
    6
    Views:
    6,993
    Hansang Bae
    Jun 9, 2004
  4. AM
    Replies:
    1
    Views:
    920
    Walter Roberson
    Feb 25, 2005
  5. GS
    Replies:
    2
    Views:
    9,332
Loading...

Share This Page