3 Replies Latest reply: Jul 5, 2017 8:41 AM by Steven Davidson RSS

    Access-list Comparison

    SM

      Do both of these statements mean and do exactly the same thing

       

      1-access-list 5 permit 3.3.3.3  0.0.0.255

       

      2-access-list 5 permit 3.3.3.0  0.0.0.255

        • 1. Re: Access-list Comparison
          Steven Davidson

          If you try to enter ACE 1 in configuration it will appear as ACE 2.  The CLI will auto-correct it.

          • 2. Re: Access-list Comparison
            SM

            I am confused, I was asking a different question. The one and 2 in the beginning are not part of the statements, if you look at both the statements after 1 and 2, you will see they are different.

            • 3. Re: Access-list Comparison
              Steven Davidson

              I know that 1- and 2- are not part of the statement.  What I am saying is that IOS will disregard the .3 in the last octet of statement #1 and simply parse it as "access-list 5 permit 3.3.3.0 0.0.0.255".  Bits in the wc mask, set to '1', are commonly referred to as "don't care bits".  That also applies to the parser. If you tried to enter:

               

              conf t

              access-list 5 permit 3.3.3.3 0.0.0.255

              access-list 5 permit 3.3.3.0 0.0.0.255

              do show run | inc access-list 5

               

              You'd see:

               

              access-list 5 permit 3.3.3.0 0.0.0.255

               

               

              Here's an example:

               

              RR1#show run | inc access-list 5

              RR1#conf t

              Enter configuration commands, one per line.  End with CNTL/Z.

              RR1(config)#access-list 5 permit 3.3.3.3 0.0.0.255

              RR1(config)#access-list 5 permit 3.3.3.0 0.0.0.255

              RR1(config)#do show run | inc access-list 5

              access-list 5 permit 3.3.3.0 0.0.0.255

              RR1(config)#


              When I said that IOS will auto-correct it, I meant that IOS will replace the .3 in the last octet with a '0 and recognize the 2nd ACE as a duplicate of the first ACE.