Why does access-list not use the netmask to specify the hosts?

johnifanx98 Member Posts: 329
In the netmask way, it is 10.10.0.0 255.255.0.0, while in an access-list it becomes 10.10.0.0/0.0.255.255. Why does access-list not use the netmask way?

Comments

  • Roguetadhg Member Posts: 2,489
    It's just the way it is.

    Also, it's called a wild-card mask. Not a subnet mask. Big difference, as you can figure out :)
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • vishaw1986 Member Posts: 40
    Hey John,

    Yes, it is in the program to use the wildcard mask with the access-list, as there is a benefit to using the wildcard mask with the access-list: a subnet mask is contiguous and a wildcard mask is non-contiguous. Suppose we wanted to match on 2 IP addresses, based on the first 8 bits matching as well as bits 17-24. A traditional mask can't pull that one off (because they have to be in order, from high to low), but the wildcard mask could, using 0.255.0.255.
  • mapletune Member Posts: 316
    Thanks vishaw,

    that's a great answer =) +rep!
    Studying: vmware, CompTIA Linux+, Storage+ or EMCISA
    Future: CCNP, CCIE
  • johnifanx98 Member Posts: 329
    vishaw1986 wrote: »
    Hey John,

    Yes, it is in the program to use the wildcard mask with the access-list, as there is a benefit to using the wildcard mask with the access-list: a subnet mask is contiguous and a wildcard mask is non-contiguous. Suppose we wanted to match on 2 IP addresses, based on the first 8 bits matching as well as bits 17-24. A traditional mask can't pull that one off (because they have to be in order, from high to low), but the wildcard mask could, using 0.255.0.255.

    Very very great!
  • vishaw1986 Member Posts: 40
    Thanks to all .....
  • johnifanx98 Member Posts: 329
    vishaw1986 wrote: »
    Hey John,

    Yes, it is in the program to use the wildcard mask with the access-list, as there is a benefit to using the wildcard mask with the access-list: a subnet mask is contiguous and a wildcard mask is non-contiguous. Suppose we wanted to match on 2 IP addresses, based on the first 8 bits matching as well as bits 17-24. A traditional mask can't pull that one off (because they have to be in order, from high to low), but the wildcard mask could, using 0.255.0.255.

    I still have a question. Even if the ACL algorithm allows matching of non-contiguous blocks, it makes more sense to use bit 1 to represent the bits that matter. In your example, the mask can be 255.0.255.0.
  • james43026 Member Posts: 303
    The subnet mask was built for one reason, and one reason only. To tell you what bits in an IP address belong to the network portion of the address, and which bits belong to the host portion. A wildcard mask doesn't follow the same conventions, they don't need to be contiguous, and instead of representing what bits belong to a network, they represent what bits are available for inspection, and what bits aren't available for inspection. The reason you wouldn't use a subnet mask in an ACL, is that you would only be able to define very broad spectrums of addresses, and would have no granularity. With a wildcard mask you could do something like this.

    Match all 192.168.x.1 addresses:


    permit 192.168.0.1 0.0.255.0

    This isn't something that you can do with a subnet mask. The IETF designed and standardized the subnet mask/CIDR in 1993, and as such, no vendor can use a subnet mask in a way that is not specified in the IETF standards of CIDR.

    Which is why the wildcard mask was created, although I believe the wildcard mask actually pre-dates the invention of CIDR.
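
The matching rule discussed in this thread, as an added example that is not part of any post above: a wildcard bit of 0 means "must equal the ACL address", a bit of 1 means "ignore". The function names are hypothetical and the test addresses are constructed; the masks are the ones quoted in the thread.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """ACL-style comparison: only bits where the wildcard is 0 are checked."""
    care = ~to_int(wildcard) & ALL_ONES
    return (to_int(addr) & care) == (to_int(base) & care)


def netmask_to_wildcard(netmask: str) -> str:
    """For a contiguous netmask, the equivalent wildcard is its bitwise inverse."""
    return str(ipaddress.IPv4Address(~to_int(netmask) & ALL_ONES))


def is_contiguous(wildcard: str) -> bool:
    """True if the wildcard is zeros followed by ones, i.e. expressible as a prefix."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0


def match_count(wildcard: str) -> int:
    """Number of addresses one ACL entry covers: 2^(count of ignored bits)."""
    return 2 ** bin(to_int(wildcard)).count("1")


if __name__ == "__main__":
    # Constructed test addresses against the entries quoted in the thread.
    cases = [
        ("10.10.200.5", "10.10.0.0", "0.0.255.255"),   # same as 255.255.0.0
        ("192.168.37.1", "192.168.0.1", "0.0.255.0"),  # 192.168.x.1
        ("192.168.37.2", "192.168.0.1", "0.0.255.0"),  # last octet differs
        ("10.99.5.200", "10.0.5.0", "0.255.0.255"),    # octets 1 and 3 checked
    ]
    for addr, base, wc in cases:
        print(f"{addr:14} vs {base} {wc:12} "
              f"match={wildcard_match(addr, base, wc)} "
              f"contiguous={is_contiguous(wc)} covers={match_count(wc)}")
```

When auditing an ACL, `is_contiguous` and `match_count` help flag entries whose non-contiguous wildcard covers more addresses than the author may have intended.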