[c-nsp] non-CIDR netmasks in ACLs
Christopher E. Brown
chris.brown at acsalaska.net
Tue May 17 13:55:26 EDT 2005
Jon Lewis wrote:
> On Tue, 17 May 2005, Rick Ernst wrote:
>
>>I have a set of IP addresses (outside of my control) that need to be passed
>>through an ACL. Instead of being in a convenient block, they are in the
>>form of 1.2.x.4, with x being 96-111.
>>
>>IOS allows me to add an ACL like:
>> access-list 100 permit ip 1.2.96.4 0.0.15.0
>>
>>However.... "What will it break"? From the viewpoint of simply tweaking
>>the bits, it looks valid, but... At the same time, I'd rather have a
>>single ACL statement for 16 hosts, not 16 lines.
>
>
> It'll work just fine.
Better to say it may work. Getting the system to accept the line is one
thing, working another.
I have seen masks like this /more or less/ work, but not block exactly
the range expected. (Especially on platforms with hardware accel for
this type of thing)
--
------------------------------------------------------------------------
Christopher E. Brown <chris.brown at acsalaska.net> desk (907) 550-8393
cell (907) 632-8492
IP Engineer - ACS
------------------------------------------------------------------------
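
An added example, not part of the original thread: a small Python check that enumerates every address a wildcard entry such as `1.2.96.4 0.0.15.0` matches under the usual bitwise rule (1 bits in the wildcard are ignored) and compares that set with the hosts you meant to permit. The function names and the second, misaligned range (100-115) are constructed for illustration; the check covers the mask arithmetic only, not how a particular platform evaluates the entry.

```python
import ipaddress

def wildcard_matches(base, wildcard):
    """Return the set of IPv4 addresses matched by an ACL 'base wildcard' pair.

    A 1 bit in the wildcard means "don't care"; every other bit must equal
    the corresponding bit of the base address.
    """
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    if bin(w).count("1") > 16:
        raise ValueError("too many don't-care bits to enumerate")
    fixed = b & ~w & 0xFFFFFFFF      # bits of the base that are actually compared
    matches = set()
    sub = w
    while True:                      # walk every subset of the don't-care bits
        matches.add(str(ipaddress.IPv4Address(fixed | sub)))
        if sub == 0:
            break
        sub = (sub - 1) & w
    return matches

def audit(base, wildcard, intended):
    """Return (extra, missing): hosts matched but not intended, and the reverse."""
    matched = wildcard_matches(base, wildcard)
    intended = set(intended)
    order = ipaddress.IPv4Address
    return (sorted(matched - intended, key=order),
            sorted(intended - matched, key=order))

if __name__ == "__main__":
    # Range from the thread: 1.2.x.4 with x in 96-111 (aligned on a 16 boundary).
    wanted = [f"1.2.{x}.4" for x in range(96, 112)]
    print(audit("1.2.96.4", "0.0.15.0", wanted))

    # Constructed counter-case: 16 hosts that do not start on a multiple of 16.
    shifted = [f"1.2.{x}.4" for x in range(100, 116)]
    extra, missing = audit("1.2.100.4", "0.0.15.0", shifted)
    print("matched but not intended:", extra)
    print("intended but not matched:", missing)
```

An empty pair of lists means the single entry covers exactly the intended hosts; anything else means the range needs more than one entry or a different mask.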