Is it necessary to provide a wildcard mask in extended ACL?
For example, if I want to block 192.168.5.2 from gaining access to 192.168.7.2, can I write the command as follows?
access-list 107 deny 192.168.5.2 192.168.7.2
acess-list 107 permit any any
int fa 0/0
ip access-group in
Best Answer
You are wrong.
The correct syntax is:
0.0.0.0
is the ACL wildcard of255.255.255.255
which is a single host (/32).0.0.0.255
is the ACL wildcard of255.255.255.0
which is a whole /24 subnet.