This statement can match all the IP addresses of 172.16.240.0/20 network shown below.įirst usable IP address - 172.16.240.1/20
The above example states that the values of first 20 bits must exactly match and the last 12 bits can be any. The decimal representation of the above IP Address, Subnet Mask and Wildcard mask are given below. Click the following link to learn more about class B subnetting. This statement can match all the IP addresses of 172.16.0.0/24 network.Įxample 2: The following example can be used to specify all IP addresses of a classs B network, 172.16.240.0/20 (Subnet Mask 255.255.240.0). The above example states that the values of first three octects should exactly match and the values of the last octet can be any. The decimal representation of the above IP Address and wildcard mask is given below. The binary representation of above network address, subnet mask and wild card mask is as shown below. To specify a range of IP addresses in a network using Access Control List (ACL) Wildcard mask, use the "1" bit only for the subnetted bits.Įxample 1: The following example can be used to specify all IP addresses of a classs B network, 172.16.0.0, which is subnetted by using a class C subnet mask (172.16.0.0/24).
#Cisco mac address filtering acl how to
How to specify a range of IP addresses in a network using Access Control List (ACL) Wildcard mask This statement can match all the IP addresses of 172.16.0.0/16 network. The above example states that the values of only first two octects should exactly match and the values of the last two octets can be any. The following example can be used to specify all IP addresses in 172.16.0.0/16 ntwork. To specify an entire network using Access Control List (ACL) Wildcard mask, use a wild card mask of 255 (all bits "1" in that octet). Host 172.16.0.12 How to specify an entire network using Access Control List (ACL) Wildcard mask The keyword "host" can also be used to accomplish the same result as shown below. As we discussed above, whenever a zero is present in wildcard mask, correspoding part in IP address must match exactly. The four zeros in the wildcard mask represent each octet of the address. To specify a single host using Access Control List (ACL) Wildcard mask, the IP address and wildcard mask should be as below.
Some examples of Access Control List (ACL) wildcard masks are given below How to specify a single host using Access Control List (ACL) Wildcard mask A "0" bit in the wildcard mask means that corresponding part in the IP address should exactly match and "1" bit means that the corresponding part in IP address can be ignored. When using a wildcard mask, a 0 in a bit position means that the corresponding bit position in the address of the Access Control Lists (ACL) statement must match the bit position in the IP address in the examined packet. Wildcard masks are used in Access Control Lists (ACL) to identify (or filter) an individual host, a network, or a range IP addresses in a network to permit or deny access.