Table 112 Protocols and Their Corresponding Number Identification for an ACL

Protocol

Range

Wildcard masks in conjunction with IP addresses are used to identify the source address in an ACL. Wildcard masks are also known as reverse netmasks . If your netmask normally is 255.255.255.0, for example, in binary that is as follows:

11111111 11111111 11111111 00000000

Swapping the bits, that yields the following:

00000000 00000000 00000000 11111111

or 0.0.0.255 (your wildcard mask).

Another way to calculate your wildcard mask is to take your network mask and subtract each octet from 255. If your network mask is 255.255.248.0, for example, you calculate your wildcard by subtracting 255 from each octet, yielding a 0.0.7.255 wildcard mask.

After defining an ACL, you must apply it to the interface (inbound or outbound):

interface interface ip access-group number {in | out}

Example 11-1 shows the use of a standard IP ACL to block all traffic except that from source 192.168.100.x.

0 0

Post a comment