> > Barring intentional obfuscation, why would anyone actually use that
> > wildcard mask in an access list instead of a longer more readable
> > alternative?
>
> CL: since the publication of RFC 1812, the so called "whacky" wildcard masks
> are not supported. In other words, for a router to be RFC 1812 compliant, it
> should not permit you to enter masks that do not consist of contiguous 1's
> and 0's.
Nothing in the RFC would prohibit using funny wildcard masks in an ACL. The point of the contiguous-netmask restriction is to allow CIDR to work. Slash notation (e.g. /24) wouldn't make much sense if some of those 24 bits were zeros.

One might use an oddball wildcard mask for efficiency - the router wouldn't have to match as many ACL lines. Then again, it would only really matter on old routers, and it's operational suicide anyway since nobody will be able to work on it. It might also simplify configs in some places, but (IMHO) at a prohibitive cost in operational simplicity.

You can contrive more cases (ACLs for debug ip packet, servers are all even numbers, whatever...), but I don't think it ever makes sense to actually use this.

-sd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58709&t=58644
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
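The two points the reply makes, that a wildcard mask is just a per-bit "don't care" test, and that only a contiguous mask can be written as a slash prefix while a non-contiguous one (the "servers are all even numbers" case) takes many ordinary ACL lines to express, worked through as an added example. This is illustration code written for this page, not code from the thread, the RFC, or any router vendor; the 10.1.1.0 addresses are constructed, and the cap on how many wildcard bits it will enumerate is an arbitrary choice for the demo.

```python
"""Cisco-style wildcard-mask matching, and why only contiguous masks map to CIDR.
Added illustration for this page; not from the original thread."""
import ipaddress
from typing import Iterator, List, Tuple

MASK32 = 0xFFFFFFFF


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def wildcard_match(address: str, wildcard: str, candidate: str) -> bool:
    """ACL semantics: a wildcard bit of 1 is 'don't care', a 0 bit must match."""
    care = ~ip_to_int(wildcard) & MASK32
    return (ip_to_int(candidate) & care) == (ip_to_int(address) & care)


def is_contiguous_wildcard(wildcard: str) -> bool:
    """True when the wildcard is 0...01...1, i.e. the inverse of a CIDR netmask.
    Such a value plus one is a power of two, so w & (w + 1) == 0."""
    w = ip_to_int(wildcard)
    return (w & (w + 1)) == 0


def wildcard_to_prefix_len(wildcard: str) -> int:
    """Slash length for a contiguous wildcard; ValueError for a 'whacky' one,
    which is the RFC 1812 restriction the quoted reply refers to."""
    if not is_contiguous_wildcard(wildcard):
        raise ValueError(f"{wildcard} is not a contiguous wildcard mask")
    ones = (ip_to_int(wildcard) + 1).bit_length() - 1
    return 32 - ones


def prefix_to_acl(prefix: str) -> Tuple[str, str]:
    """'10.1.1.0/24' -> ('10.1.1.0', '0.0.0.255'), the form used in an ACL line."""
    net = ipaddress.IPv4Network(prefix, strict=True)
    return str(net.network_address), str(net.hostmask)


def _matches(address: str, wildcard: str) -> Iterator[int]:
    """Every address matched by (address, wildcard), enumerated over the
    wildcard's set bits. Capped at 16 wild bits (arbitrary demo limit)."""
    w = ip_to_int(wildcard)
    base = ip_to_int(address) & ~w & MASK32
    wild_bits = [b for b in range(32) if (w >> b) & 1]
    if len(wild_bits) > 16:
        raise ValueError("too many wildcard bits to enumerate in this demo")
    for i in range(1 << len(wild_bits)):
        v = base
        for j, b in enumerate(wild_bits):
            if (i >> j) & 1:
                v |= 1 << b
        yield v


def expand_to_prefixes(address: str, wildcard: str) -> List[str]:
    """Smallest set of CIDR prefixes (one ordinary ACL line each) covering what
    the wildcard line matches. A contiguous wildcard collapses to one prefix;
    a non-contiguous one needs many, which is the 'fewer ACL lines' argument."""
    if is_contiguous_wildcard(wildcard):
        base = ip_to_int(address) & ~ip_to_int(wildcard) & MASK32
        return [f"{int_to_ip(base)}/{wildcard_to_prefix_len(wildcard)}"]
    nets = (ipaddress.IPv4Network(v) for v in _matches(address, wildcard))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Constructed sample addresses; nothing here comes from the thread.
    print(expand_to_prefixes("10.1.1.0", "0.0.0.255"))   # a single /24
    even = expand_to_prefixes("10.1.1.0", "0.0.0.254")   # 'servers are all even'
    print(len(even), even[:3])                           # 128 separate /32 lines
    print(wildcard_match("10.1.1.0", "0.0.0.254", "10.1.1.42"),
          wildcard_match("10.1.1.0", "0.0.0.254", "10.1.1.43"))
```

The even-host wildcard 0.0.0.254 is the concrete case behind the efficiency remark: one ACL line with that mask matches the same 128 hosts that would otherwise take 128 /32 entries, and `wildcard_to_prefix_len` refuses it for the same reason a CIDR-only parser would.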