Masks are used with IP addresses in IP ACLs to specify what should be
permitted and denied. Masks used to configure IP addresses on
interfaces start with 255 and have the large values on the left side,
for example, IP address 209.165.202.129 with a 255.255.255.224 mask.
Masks for IP ACLs are the reverse, for example, mask 0.0.0.255. This
is sometimes called an inverse mask or a wildcard mask. When the value
of the mask is broken down into binary (0s and 1s), the results
determine which address bits are to be considered in processing the
traffic. A 0 indicates that the address bits must be considered (exact
match); a 1 in the mask is a "don't care". This table further explains
the concept.
| Mask Example | |
|---|---|
| network address (traffic that is to be processed) | 10.1.1.0 |
| mask | 0.0.0.255 |
| network address (binary) | 00001010.00000001.00000001.00000000 |
| mask (binary) | 00000000.00000000.00000000.11111111 |
Based on the binary mask, you can see that the first three sets
(octets) must match the given binary network address exactly
(00001010.00000001.00000001). The last set of numbers are "don't
cares" (.11111111). Therefore, all traffic that begins with 10.1.1.
matches, since the last octet is "don't care". With this mask,
network addresses 10.1.1.1 through 10.1.1.255 (10.1.1.x) are
processed.
Subtract the normal mask from 255.255.255.255 in order to determine
the ACL inverse mask. In this example, the inverse mask is determined
for network address 172.16.1.0 with a normal mask of 255.255.255.0.
* 255.255.255.255 - 255.255.255.0 (normal mask) = 0.0.0.255 (inverse mask)
Note these ACL equivalents.
* The source/source-wildcard of 0.0.0.0/255.255.255.255 means "any".
* The source/wildcard of 10.1.1.2/0.0.0.0 is the same as "host 10.1.1.2".
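
The matching rule and the inverse-mask subtraction described above, written out as an added Python example (not part of the original page or any vendor tooling). The function names and the sample addresses are constructed for illustration; the contiguity check goes beyond the text to flag wildcards that are not the inverse of a normal mask, which is worth catching when auditing ACLs.

```python
import ipaddress

def to_int(dotted: str) -> int:
    """Dotted-quad string -> 32-bit integer (raises on malformed input)."""
    return int(ipaddress.IPv4Address(dotted))

def inverse_mask(netmask: str) -> str:
    """255.255.255.255 minus the normal mask gives the ACL wildcard mask."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF - to_int(netmask)))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF  # 1 = bit must match exactly
    return (to_int(addr) & care) == (to_int(base) & care)

def is_contiguous(wildcard: str) -> bool:
    """True when the wildcard is 0s followed by 1s (inverse of a normal mask)."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def acl_shorthand(base: str, wildcard: str) -> str:
    """Render the 'any' and 'host' equivalents listed above."""
    if wildcard == "255.255.255.255":
        return "any"
    if wildcard == "0.0.0.0":
        return f"host {base}"
    return f"{base} {wildcard}"

if __name__ == "__main__":
    # Inverse mask for 172.16.1.0 with normal mask 255.255.255.0
    print("inverse of 255.255.255.0 ->", inverse_mask("255.255.255.0"))

    # Constructed sample source addresses tested against 10.1.1.0 0.0.0.255
    for src in ("10.1.1.77", "10.1.1.255", "10.1.2.77", "192.0.2.9"):
        verdict = "match" if wildcard_match(src, "10.1.1.0", "0.0.0.255") else "no match"
        print(f"{src:<12} vs 10.1.1.0 0.0.0.255 -> {verdict}")

    # Shorthand equivalents
    print(acl_shorthand("0.0.0.0", "255.255.255.255"))
    print(acl_shorthand("10.1.1.2", "0.0.0.0"))

    # Audit check: a wildcard that is not the inverse of a normal mask
    for wc in ("0.0.0.255", "0.0.0.254"):
        print(wc, "contiguous" if is_contiguous(wc) else "non-contiguous, review")
```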