
Yusuf Bhaiji

"Network Security Technologies and Solutions"

With this mask,
network addresses 10.1.1.1 through 10.1.1.255 (10.1.1.x) are processed.
The ACL inverse mask can also be determined by subtracting the normal mask from 255.255.255.255. See
Example 2-1.
Example 2-1. ACL Inverse Mask
The inverse mask for network address 172.16.1.0 with a subnet mask of 255.255.240.0 is:
255.255.255.255 - 255.255.240.0 (subnet mask) = 0.0.15.255 (inverse mask)
Note
When configuring an ACL, you can replace long dotted-decimal values with keywords that mean the same thing, as shown in the following examples:
Source/source-wildcard of 0.0.0.0/255.255.255.255 can also be represented with the keyword "any" within the ACL.
Source/wildcard of 10.1.1.2/0.0.0.0 can also be represented as "host 10.1.1.2".
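The subtraction in Example 2-1 and the "any"/"host" equivalences in the note, worked through in Python as an added example (not code from the book). The function names and the test addresses are constructed for illustration; the check also rejects a non-contiguous subnet mask, which the subtraction alone would silently accept.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 255.255.255.255 as a 32-bit integer


def to_int(dotted: str) -> int:
    """Parse a dotted-quad string into a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def inverse_mask(subnet_mask: str) -> str:
    """Inverse (wildcard) mask = 255.255.255.255 - subnet mask."""
    inv = FULL - to_int(subnet_mask)
    # A valid subnet mask is ones followed by zeros, so its inverse is
    # 2**n - 1 and shares no bits with inv + 1. Reject anything else.
    if inv & (inv + 1):
        raise ValueError(f"{subnet_mask} is not a contiguous subnet mask")
    return str(ipaddress.IPv4Address(inv))


def acl_matches(address: str, source: str, wildcard: str) -> bool:
    """Wildcard bit 0 = must equal the source bit, wildcard bit 1 = ignored."""
    care = FULL ^ to_int(wildcard)
    return ((to_int(address) ^ to_int(source)) & care) == 0


def acl_source(source: str, wildcard: str) -> str:
    """Render a source/wildcard pair, using the keywords 'any' and 'host'."""
    if to_int(wildcard) == FULL:
        return "any"
    if to_int(wildcard) == 0:
        return f"host {source}"
    return f"{source} {wildcard}"


if __name__ == "__main__":
    wc = inverse_mask("255.255.240.0")  # mask from Example 2-1
    print("inverse mask:", wc)
    # Constructed addresses: one inside, one just outside the matched range.
    for addr in ("172.16.15.200", "172.16.16.1"):
        print(addr, "matches" if acl_matches(addr, "172.16.1.0", wc) else "no match")
    print(acl_source("0.0.0.0", "255.255.255.255"))
    print(acl_source("10.1.1.2", "0.0.0.0"))
```

Because the low four bits of the third octet are ignored under 0.0.15.255, the entry written with source 172.16.1.0 matches every address from 172.16.0.0 through 172.16.15.255.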
ACL Configuration
There are two basic steps in configuring an ACL:
Step 1. Create an ACL.
Step 2. Apply an ACL list to an interface.
These are explained further in the sections that follow.
Creating an ACL
The first step in the configuration process is to create an ACL for each protocol to be filtered, per interface. For
some protocols, one ACL can be created to filter inbound traffic and another to filter outbound traffic.

