I am trying to create named extended access-lists on Cisco IOS on an 800 series router, but it changes the destination network to 0.0.0.0.
Example:
ip access-list extended ACL-TEST
permit tcp host 192.168.1.44 192.168.2.0 255.255.255.0 eq 44818
exit
is accepted with no errors, but then when I run "show access-lists" the output is:
Extended IP access list ACL-TEST
10 permit tcp host 192.168.1.44 0.0.0.0 255.255.255.0 eq 44818
What am I doing wrong? Thanks.
Best Answer
Access lists do not use an ordinary subnet mask. They use a "wildcard " mask. A wildcard mask is the ones complement of the subnet mask. So 255.255.255.0 becomes 0.0.0.255