Hi, On Thu, Apr 18, 2013 at 10:21:17PM -0700, sky vader wrote: > when using the following mask errors out as bad mask when used on an > interface. > > labasa(config-if)# ip address 10.0.10.100 255.0.255.255 > ERROR: Bad mask 255.0.255.255 for address 10.0.1.100
This is no longer meaningful, and thus not allowed.
> works on an access-list,
>
> labasa(config-if)#access-list 101 extended permit ip any 10.0.10.150
> 255.0.255.255
This is not a netmask, but a "ignore these bits" wildcard mask (and
particularily for normal networks, it's the *inverse* of the netmask,
so to match everything inside a /24 you'd use 0.0.0.255 in the ACL).
> Just wondering what am I missing?
Interface config needs to build a strictly hierarchical "longest match
first" routing structure, so the netmask needs to be left-contiguous
(nowadays, IOS 9 or 10 still permitted discontiguous netmasks).
ACLs match by clearing ignore bits and then comparing with the given
address, which can operate on any bits in the ACL mask.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpE0HBSuBcSU.pgp
Description: PGP signature
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
