HPE Community
Comware Based
1819694 Members
3459 Online
109605 Solutions
New Discussion юеВ

How to paste subnet in ACL configuration

 
nandoin
Occasional Contributor

тАО11-20-2017 04:22 AM

тАО11-20-2017 04:22 AM

How to paste subnet in ACL configuration

Hello everyone!

I'm having troubles when going to configure ACLs in Switch 1920 and 5120.

E.g: I need to apply an ACL like this:

rule permit ip source (192.168.50.128/28 - 255.255.255.240) destination any

how do I write the subnet in the correct format? I know /24 is written this way 0.0.0.255 and how /30 /29 /28 /27 are written?

 

Thanks!

0 Kudos
2 REPLIES 2
network_king
HPE Pro

тАО02-28-2018 12:16 AM

тАО02-28-2018 12:16 AM

Re: How to paste subnet in ACL configuration

Please use below table

 

List of Wildcard Mask

 

CIDR  Subnet mask   Wild card Mask
 /32  255.255.255.255   0.0.0.0

/31  255.255.255.254   0.0.0.1

/30  255.255.255.252   0.0.0.3

/29  255.255.255.248   0.0.0.7

/28  255.255.255.240   0.0.0.15

/27  255.255.255.224   0.0.0.31

/26  255.255.255.192   0.0.0.63

/25  255.255.255.128   0.0.0.127

/24  255.255.255.0   0.0.0.255

 

ACL syntax : [HP-acl-xxx-XXXX] rule 5 permit ip source <ip_add> <wildcard_mask>  destination <ip_add> <wildcard_mask>

I am an HPE Employee

Accept or Kudo

0 Kudos
dcatcha
New Member

тАО03-01-2018 05:46 AM

тАО03-01-2018 05:46 AM

Re: How to paste subnet in ACL configuration

It is not the same with an HP ACL see page 8 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03187008

from guide:

A wildcard mask, also called an inverse mask, is a 32-bit binary number represented in dotted decimal

notation. In contrast to a network mask, the 0 bits in a wildcard mask represent "do care" bits, and the

1 bits represent "don't care" bits. If the "do care" bits in an IP address are identical to the "do care" bits

in an IP address criterion, the IP address matches the criterion. All "don't care" bits are ignored. The 0s

and 1s in a wildcard mask can be noncontiguous. For example, 0.255.0.255 is a valid wildcard mask.

 

I would expect it to be written

permit ip source 192.168.1.0 0.0.0.255 destination any                          = /24
permit ip source 192.0.0.0 255.0.0.0 destination any                               = /28

 

The numbers after the IP are match criteria 0= match 255 = could be anything.
 

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.