How2pass.com Forums

How2pass.com Forums > CCNA > Answer this question > Question on Extended ACL. Pls help
Full Version: Question on Extended ACL. Pls help
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

kelvinwgr

11-24-2010, 02:11 PM
Hi Guys,

Appreciate if somebody can explain to me on the following. I don't quite understand the command lines below:

Router1#show ip access-lists
extended ip access list 100
10 permit tcp 172.16.16.0 0.0.0.15 host 172.16.48.63 eq 22
20 permit tcp 172.16.16.0 0.0.0.15 eq telnet host 171.16.48.63

//What does this command do? The wildcard mask 0.0.0.15 for this case means 172.16.16.15? The first line I am still alright. However, the 2nd line, I got struck.//

and

Router1(config)#int fa0/0
Router1(config-if)#ip  access-group 100 in

//what does the ip access-group 100 in do?//


Pls help. Thanks.

brightside2d

12-01-2010, 11:55 PM
Router1#show ip access-lists
extended ip access list 100 - Extended access-list (fairly straight forward)
10 permit tcp 172.16.16.0 0.0.0.15 host 172.16.48.63 eq 22 The 0.0.0.15 wildcard mask means 255.255.255.240 subnet.  To get the wildcard mask subtract 255.255.255.255 from the subnet mask.  So 255.255.255.255 - 255.255.255.240 = 0.0.0.15
20 permit tcp 172.16.16.0 0.0.0.15 eq telnet host 171.16.48.63 same thing here

So your range covered by the wildcard mask is  for 172.16.16.0 - 172.16.16.16

and

Router1(config)#int fa0/0
Router1(config-if)#ip  access-group 100 in This line connects the interface (fa0/0) to the access-list 100

//what does the ip access-group 100 in do?//

megathumpzilla

09-24-2011, 08:21 PM

access list in- apply before it gets to the inside interface from the outside interface. Same port, different directions.the point of view is from the router.

TCP needs port numbers.



How2pass.com Forums > CCNA > Answer this question > Question on Extended ACL. Pls help