The first command, access-list 1 permit 20.2.2.1, permits only the host with IP address 20.2.2.1 to send packets through R2. The second command, access-list 1 deny 20.2.2.0 0.0.0.255, denies the entire 20.2.2.0/24 subnet from sending packets through R2. This command uses the wildcard mask 0.0.0.255, which means the first three octets are compared and the last octet is ignored.
(Note: if the second command came before the first, the host with IP address 20.2.2.1 could not send packets, because ACLs “execute” their rules from top to bottom and stop at the first match.)
The third command, access-list 1 permit 155.165.0.0 0.0.255.255, permits all packets coming from the 155.165.0.0/16 network. Again, the wildcard mask 0.0.255.255 tells R2 to check whether the packets come from that particular network, so only packets from the range 155.165.0.0 – 155.165.255.255 are permitted.
If the wildcard mask were 0.255.255.255, the router would compare only the first octet, which means packets coming from 155.0.0.0 – 155.255.255.255 would be permitted.
If the wildcard mask were 0.0.0.255, the router would compare the first three octets, which means packets coming from 155.165.0.0 – 155.165.0.255 would be permitted.
The last commands, interface G0/1 and ip access-group 1 in, enable the ACL inbound on R2’s G0/1 interface.
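The top-down matching and wildcard-mask behaviour described above, as an added Python example that is not part of the original article. The function names and the sample source addresses are constructed for illustration, and matched_range assumes a contiguous wildcard mask.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(src, base, wildcard="0.0.0.0"):
    """True if src equals base on every bit where the wildcard bit is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF   # wildcard 0-bits are compared
    return (_to_int(src) & care) == (_to_int(base) & care)

def evaluate(acl, src):
    """Walk the entries top to bottom; the first matching entry decides."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"   # implicit deny that IOS applies at the end of every ACL

def matched_range(base, wildcard):
    """First and last address an entry matches (contiguous wildcard assumed)."""
    low = _to_int(base) & ~_to_int(wildcard) & 0xFFFFFFFF
    high = low | _to_int(wildcard)
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))

# ACL 1 as described in the text: (action, address, wildcard mask)
ACL_1 = [
    ("permit", "20.2.2.1", "0.0.0.0"),         # single host
    ("deny", "20.2.2.0", "0.0.0.255"),         # 20.2.2.0/24
    ("permit", "155.165.0.0", "0.0.255.255"),  # 155.165.0.0/16
]
# Same entries with the first two swapped, to show why order matters
ACL_SWAPPED = [ACL_1[1], ACL_1[0], ACL_1[2]]

if __name__ == "__main__":
    # Constructed sample source addresses
    for src in ("20.2.2.1", "20.2.2.7", "155.165.9.9", "10.0.0.1"):
        print(f"{src:<12} ACL 1: {evaluate(ACL_1, src):<6} "
              f"swapped: {evaluate(ACL_SWAPPED, src)}")
    # The three wildcard masks discussed for 155.165.0.0
    for wc in ("0.0.255.255", "0.255.255.255", "0.0.0.255"):
        print(wc, matched_range("155.165.0.0", wc))
```

With the first two entries swapped, 20.2.2.1 hits the deny entry first and never reaches its permit.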