I think is all originated from the principles of: 1 = Do not Cares (Matches everything and anything) 0 = Cares ( Matches only identical corresponding digit)
Maybe it is a hang-on from the old binary digit stuff. Man you have no choice than to do the inverse, else your access-list would not work, except you are ready to develope a router IOS that will use the direct mask. Goodluck Regards. Oletu ----- Original Message ----- From: To: Sent: Saturday, December 29, 2001 10:50 PM Subject: Why use wildcard mask [7:30473] > Hi All, > > I am trying to find out why we do an inverse/wildcard > masks while using access lists? > > For example, if I want to deny 192.168.1.0 255.255.255.0 > network, on the access list, we configure this > as 192.168.1.0 0.0.0.255, but why do we do it this > way instead of 255.255.255.0. > > All this seems to be is just an inverse relationship pointing back at the > same thing? Even if I want to get specific and deny 192.168.1.0 > 255.255.255.192, this translates to 192.168.1.0 0.0.0.63, which seems to be > just the standard mask and subtract 255.255.255.255. > > Is there a specific reason why we do inverse mask? It seems to be easier > just to configure it with normal masks. This way, we skip on an extra > procedure. > > thanks > Mike _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30477&t=30473 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]