[c-nsp] Cisco ACL wildcard convert to object-group subnetmask

Satish Patel satish.txt at gmail.com
Mon Oct 3 18:15:46 EDT 2016


Wait a second i screwed up here. following is right wildcard mask.

access-list 101 permit tcp any 192.168.100.0 0.0.0.127 eq www
access-list 101 permit tcp any 192.168.100.128 0.0.0.63 eq smtp
access-list 101 permit tcp any 192.168.100.192 0.0.0.63 eq ftp



On Mon, Oct 3, 2016 at 6:12 PM, Satish Patel <satish.txt at gmail.com> wrote:
> I have following ACL
>
> access-list 101 permit tcp any 192.168.100.0 0.0.0.127 eq www
> access-list 101 permit tcp any 192.168.100.128 0.0.0.191 eq smtp
> access-list 101 permit tcp any 192.168.100.192 0.0.0.255 eq ftp
>
> I want to convert them in object-group style ACL so what subnet mask i
> should use?
>
> Do you think following subnet mask are correct according above wildcard?
>
> object-group network WWW-ACL
>    192.168.100.0 255.255.255.128
>
>  object-group network SMTP-ACL
>    192.168.100.128 255.255.255.192
>
>
>  object-group network FTP-ACL
>     192.168.100.192 255.255.255.192   <--- i don't know how does this
> interpret? looks wierd to me


More information about the cisco-nsp mailing list