[c-nsp] Access-list Question
Jeff Kell
jeff-kell at utc.edu
Wed May 16 15:32:06 EDT 2007
Brian McMahon wrote:
> Cool example -- but it still doesn't answer the fundamental question:
> Why couldn't the same thing have been expressed as "deny ip any
> 195.30.0.255 255.255.0.255", like you'd do with a noncontiguous netmask?
I suspect to maintain the distinction between access list entities (which allow noncontiguous bits) and routes (which do not allow noncontiguous bits). The route/subnet "mask" must be contiguous left-to-right ones followed by contiguous zeroes and can just as easily be done with CIDR notation, while the ACL wildcard is a true bitmask indicating which bits we "don't care" about when comparing addresses.
Jeff (who would have liked discontiguous subnet masks in routes recently)
More information about the cisco-nsp
mailing list