Tuesday, December 22, 2009

ACL + Wildcards

Wildcard bits do not have to form a consecutive run of binary 1s or 0s: a wildcard can be 0.255.0.0, 0.0.66.0, and so on. The router examines each bit of the IP address and compares it with the corresponding wildcard bit, using the following logic: if the wildcard bit is 0, the corresponding bit of the IP address must match; if the wildcard bit is 1, the corresponding bit does not have to match.
To get a wildcard from a subnet mask, subtract the mask from 255.255.255.255:
      255.255.255.255
    - 255.255.252.  0
    -----------------
        0.  0.  3.255
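The bit-by-bit comparison and the mask-to-wildcard subtraction described above, as an added Python example (not code from the original post; the function names and the sample addresses are my own choices). It also enumerates every address a non-consecutive wildcard such as 0.0.66.0 matches, which the post mentions but does not work through.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def to_str(value: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def mask_to_wildcard(mask: str) -> str:
    """Wildcard = 255.255.255.255 - subnet mask (the post's subtraction).
    Subtracting the 32-bit values gives the same result as subtracting
    octet by octet, because no octet of the mask exceeds 255, so no borrow
    ever occurs."""
    return to_str(ALL_ONES - to_int(mask))


def matches(candidate: str, acl_addr: str, wildcard: str) -> bool:
    """Apply the router's bit-by-bit rule.
    Wildcard bit 0: the candidate bit must equal the ACL address bit.
    Wildcard bit 1: the candidate bit is ignored.
    Equivalently: every differing bit must sit under a wildcard 1 bit."""
    differing = to_int(candidate) ^ to_int(acl_addr)
    must_match = ALL_ONES ^ to_int(wildcard)  # positions where the wildcard is 0
    return differing & must_match == 0


def enumerate_matches(acl_addr: str, wildcard: str):
    """Yield every address the (address, wildcard) pair matches by walking all
    subsets of the wildcard's 1 bits. Works for non-consecutive wildcards too."""
    wc = to_int(wildcard)
    base = to_int(acl_addr) & (ALL_ONES ^ wc)  # clear the don't-care bits
    subset = wc
    while True:
        yield to_str(base | subset)
        if subset == 0:
            return
        subset = (subset - 1) & wc  # next smaller subset of wc's set bits


if __name__ == "__main__":
    # Sample values constructed for this demonstration.
    print(mask_to_wildcard("255.255.252.0"))                    # 0.0.3.255
    print(matches("192.168.3.77", "192.168.0.0", "0.0.3.255"))  # True
    print(matches("192.168.4.1", "192.168.0.0", "0.0.3.255"))   # False
    # Non-consecutive wildcard 0.0.66.0 (66 = 0b01000010): only the 64 and 2
    # bits of the third octet are ignored, so exactly four addresses match.
    print(sorted(enumerate_matches("10.1.0.0", "0.0.66.0"), key=to_int))
    # ['10.1.0.0', '10.1.2.0', '10.1.64.0', '10.1.66.0']
```

`enumerate_matches` is the check worth running before committing an unusual wildcard to a router: it shows exactly which hosts an entry permits or denies, which is far easier to review than reasoning about each bit by hand.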

The number range for standard ACLs is 1 to 99 and 1300 to 1999.
Standard ACLs filter on the source address only, so they should be placed close to the destination of the packets; otherwise they may unintentionally discard packets that should have been permitted.

The extended access-list command uses numbers between 100–199 and 2000–2699.
Extended ACLs should be placed as close as possible to the source of the packets.
