netmask and access-list?

Discussion in 'Cisco' started by Captain, Jul 10, 2003.

  1. Captain

    Captain Guest

    Normally to define a a full class c subnet
    I would use:

    192.168.1.0 netmask 255.255.255.0

    However, when defining an access-list,
    the same group of IPs would be:

    access-list 150 permit ip 192.168.1.0 0.0.0.255

    Why the reverse in the netmask?


    Also, if I want to define an access-list
    for just the last 64 IPs of a class C, what
    would the mask be?

    ie.
    192.168.1.192 netmask 255.255.255.192
     
    Captain, Jul 10, 2003
    #1
    1. Advertisements

  2. It's not a netmask, it's a wildcard bitmask. The choice of whether to use
    0's or 1's to indicate the don't-care bits is arbitrary, and Cisco decided
    to do it this way for whatever reasons they had over 15 years ago.
    permit ip 192.168.1.192 0.0.0.63

    Basically, just subtract the octets in the netmask from 255 to get the
    wildcard mask that matches all the addresses in the subnet.
     
    Barry Margolin, Jul 10, 2003
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.