HP ProCurve Secure 7000dl Series Basic Management And Configuration Manual page 413

Router OS should match the corresponding bit in the IP address. You use a 1
to indicate that the Secure Router OS should ignore the corresponding bit in
the IP address. In other words, the Secure Router OS does not have to match
that bit.
For example, you might enter:
ProCurve(config-ext-nacl)# deny ip any 192.115.1.0 0.0.0.255
Essentially, you use the wildcard bits to specify the subnet that you want the
Secure Router OS to match for a particular packet field (such as the source
address). For example, if you enter 192.115.1.90 with the wildcard bits
0.0.0.255, the Secure Router OS will not match any address bits in the fourth
octet of the IP address. The Secure Router OS will match incoming packets
to the IP subnet address 192.115.1.0 /24 (because it will not match the bits in
the fourth octet). (See Figure 8-7.)
192.168.1.0 0.0.0.3
192.168.1.0 0.0.0.31
192.168.1.0 0.0.0.255
Figure 8-7. Understanding Wildcard Bits
Implicit "Deny Any" Entry. Each ACL includes an implicit "deny any"
entry at the end of the list. If a packet does not match any entry in the ACL
you create, it matches the implicit "deny any" entry.
When you configure an ACL to select interesting traffic, you should permit at
least one host. Otherwise, you will, in effect, prevent the dial-up connection
from becoming active.
Log. Include the log option if you want the Secure Router OS to log a
message:
when debug access-list is enabled for this ACL
when a packet matches this ACL
For example, a log will be generated when a packet triggers the dial-up
connection.
Configuring Demand Routing for Primary ISDN Modules
Using Demand Routing for ISDN Connections
128 68 32 16 8 4 2
0 0 0 0 0 0 1
0 0 0 1 1 1 1
1 1 1 1 1 1 1
Ignore the last two
address bits in the
1
fourth octet
1
Ignore last five
1
address bits in the
1
fourth octet
Do not match address
bits in the fourth octet
8-21