Question on Extended ACL. Pls help

[kelvinwgr]

Hi Guys,

Appreciate if somebody can explain to me on the following. I don't quite understand the command lines below:

Router1#show ip access-lists
extended ip access list 100
10 permit tcp 172.16.16.0 0.0.0.15 host 172.16.48.63 eq 22
20 permit tcp 172.16.16.0 0.0.0.15 eq telnet host 171.16.48.63

//What does this command do? The wildcard mask 0.0.0.15 for this case means 172.16.16.15? The first line I am still alright. However, the 2nd line, I got struck.//

and

Router1(config)#int fa0/0
Router1(config-if)#ip  access-group 100 in

//what does the ip access-group 100 in do?//


Pls help. Thanks.

[brightside2d]

Router1#show ip access-lists
extended ip access list 100 - Extended access-list (fairly straight forward)
10 permit tcp 172.16.16.0 0.0.0.15 host 172.16.48.63 eq 22 The 0.0.0.15 wildcard mask means 255.255.255.240 subnet.  To get the wildcard mask subtract 255.255.255.255 from the subnet mask.  So 255.255.255.255 - 255.255.255.240 = 0.0.0.15
20 permit tcp 172.16.16.0 0.0.0.15 eq telnet host 171.16.48.63 same thing here

So your range covered by the wildcard mask is  for 172.16.16.0 - 172.16.16.16

and

Router1(config)#int fa0/0
Router1(config-if)#ip  access-group 100 in This line connects the interface (fa0/0) to the access-list 100

//what does the ip access-group 100 in do?//

[megathumpzilla]

access list in- apply before it gets to the inside interface from the outside interface. Same port, different directions.the point of view is from the router.

TCP needs port numbers.