IP ACL Operation

Wildcard Masks in ACLs

Wildcard Bit Mask Keywords

Working with decimal representations of binary wildcard mask bits can be tedious. To simplify this task, the keywords host and any help identify the most common uses of wildcard masking. These keywords eliminate entering wildcard masks when identifying a specific host or an entire network. These keywords also make it easier to read an ACL by providing visual clues as to the source or destination of the criteria.

The host keyword substitutes for the 0.0.0.0 mask. This mask states that all IPv4 address bits must match or only one host is matched.

The any option substitutes for the IP address and 255.255.255.255 mask. This mask says to ignore the entire IPv4 address or to accept any addresses.

Example 1: Wildcard Masking Process with a Single IP Address

In Example 1 in the figure, instead of entering 192.168.10.10 0.0.0.0, you can use host 192.168.10.10.

Example 2: Wildcard Masking Process with a Match Any IP Address

In Example 2 in the figure, instead of entering 0.0.0.0 255.255.255.255, you can use the keyword any by itself.

Note: The keywords host and any can also be used when configuring an IPv6 ACL.