
AOS-CX 8320 <<< ACLs SUBNET-MASK versus WILDCARD Masks ???

  • 1.  AOS-CX 8320 <<< ACLs SUBNET-MASK versus WILDCARD Masks ???

    Posted Oct 02, 2019 01:37 PM

    One question @ end of this post.

     

    Re: AOS-CX 8320 <<< ACLs SUBNET-MASK versus WILDCARD Masks

     

    The AOS-CX manuals mention SUBNET-MASK when discussing ACL/ACE.

     

    The following SYSTEMS use network Access-List WILDCARD Masking:

    HP ProCurve

    HPE ProVision

    ArubaOS Switch

    Cisco

     

    It appears HPE ArubaOS-CX uses SUBNET-MASK and not wildcarding:

    A.B.C.D         Specify source IP host address

    A.B.C.D/M     Specify source IP network address with prefix length

    A.B.C.D/W.X.Y.Z    Specify source IP network address with network mask

    NAME            Specify source IP address group

    any                 Any source IP address

     

    QUESTION:

    HPE AOS-CX ACL MASKING is just the opposite of the previously mentioned SYSTEMS?  Is my interpretation correct???

     

     

    thanks...gracias....danke....merci



  • 2.  RE: AOS-CX 8320 <<< ACLs SUBNET-MASK versus WILDCARD Masks ???
    Best Answer

    MVP GURU
    Posted Oct 02, 2019 03:12 PM

    Yes, CX uses "normal" masking (and not wildcard like before...)



  • 3.  RE: AOS-CX 8320 <<< ACLs SUBNET-MASK versus WILDCARD Masks ???

    Posted Oct 19, 2023 10:12 AM

    Sorry to resurrect this thread, but does that mean you are no longer able to make "intelligent" masking of certain bits using the subnet mask?

    For example: on ProCurve you could permit traffic to 172.16.0.0/16 and 172.24.0.0/16 using a one-liner like this:

    permit ip any 172.16.0.0 0.8.255.255

    Is this no longer possible with CX, or does it do the same thing using bits set to zero in the subnet mask to indicate which host bits to ignore?

    aka: permit ip any 172.16.0.0/255.247.0.0 ?
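
The bit arithmetic behind the one-liner in the post above, as an added example that is not part of the thread or of any HPE tooling: it inverts a wildcard mask into subnet-mask form, flags a non-contiguous result, and shows which addresses match if the wildcard digits are copied unchanged into a subnet-mask field. The function names and probe addresses are hypothetical, and the code assumes a subnet-style mask in which 1 bits must match; whether AOS-CX accepts a non-contiguous mask is not answered in this thread, so such entries are only flagged for checking on the switch.

```python
# Added example, not from the thread. Assumption: in a subnet-style mask a 1 bit
# means "must match"; in a wildcard mask a 1 bit means "ignore".
from ipaddress import IPv4Address

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    return int(IPv4Address(dotted))


def invert_mask(mask: str) -> str:
    """Wildcard <-> subnet-style mask: flip all 32 bits."""
    return str(IPv4Address(to_int(mask) ^ ALL_ONES))


def is_contiguous(netmask: str) -> bool:
    """True when the mask is a plain prefix (all ones, then all zeros)."""
    inv = to_int(netmask) ^ ALL_ONES
    return (inv & (inv + 1)) == 0


def matches(addr: str, base: str, netmask: str) -> bool:
    """Compare addr and base only on the bits where netmask is 1."""
    m = to_int(netmask)
    return (to_int(addr) & m) == (to_int(base) & m)


def review_wildcard_entry(base: str, wildcard: str, probes: list) -> dict:
    """Convert one wildcard entry and show what a careless copy would match."""
    netmask = invert_mask(wildcard)
    return {
        "subnet_form": f"{base}/{netmask}",
        "needs_platform_check": not is_contiguous(netmask),
        "converted": {p: matches(p, base, netmask) for p in probes},
        # Wildcard digits typed unchanged into a subnet-mask field.
        "pasted_unchanged": {p: matches(p, base, wildcard) for p in probes},
    }


if __name__ == "__main__":
    # Constructed probe addresses; the entry is the one quoted in the thread.
    probes = ["172.16.5.9", "172.24.200.1", "172.17.0.1", "10.0.0.0"]
    report = review_wildcard_entry("172.16.0.0", "0.8.255.255", probes)
    for key, value in report.items():
        print(key, value)
```

Under the stated assumption, the inverted mask admits both /16 ranges from the post, while the uninverted digits admit neither and instead match an unrelated address such as 10.0.0.0.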