Filter
Top Products
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
Table 9-3. Mask Effect on Selected Octets of the IPv4 Addresses in Table 9-2
Addr Octet Mask Octet 128 64 32 16 8 4 2 1
Range
A 3 0
all bits
252 1 1 1 1 1 1 0 0
B 3 7
last 3 bits
248-255
1 1 1 1 1 0 or 1 0 or 1 0 or 1
C 4 0
all bits
195 1 1 0 0 0 0 1 1
D 2 15
last 4 bits
32-47 0 0 1 0 0 or 1 0 or 1 0 or 1 0 or 1
Shaded areas indicate bit settings that must be an exact match.
If there is a match between the policy in the ACE and the IPv4 address in a
packet, then the packet is either permitted or denied, according to how the
ACE is configured. If there is not a match, the next ACE in the ACL is then
applied to the packet. The same operation applies to a destination IPv4
address (DA) used in an extended ACE. (Where an ACE includes both source
and destination addresses, there is one address/ACL-mask pair for the source
address, and another address/ACL-mask pair for the destination address. See
“Configuring and Assigning an IPv4 ACL” on page 9-34.)
CIDR Notation. For information on using CIDR notation to specify ACL
masks, refer to “Using CIDR Notation To Enter the IPv4 ACL Mask” on page
9-43.
9-33