diff --git a/src/emqttd_access_rule.erl b/src/emqttd_access_rule.erl
index 0c632de9b..6b0e08d75 100644
--- a/src/emqttd_access_rule.erl
+++ b/src/emqttd_access_rule.erl
@@ -19,7 +19,7 @@
 -include("emqttd.hrl").
 
 -type who() :: all | binary() |
-               {ipaddr, esockd_access:cidr()} |
+               {ipaddr, esockd_cidr:cidr_string()} |
                {client, binary()} |
                {user, binary()}.
 
@@ -51,8 +51,7 @@ compile({A, Who, Access, TopicFilters}) when ?ALLOW_DENY(A) ->
 compile(who, all) ->
     all;
 compile(who, {ipaddr, CIDR}) ->
-    {Start, End} = esockd_access:range(CIDR),
-    {ipaddr, {CIDR, Start, End}};
+    {ipaddr, esockd_cidr:parse(CIDR, true)};
 compile(who, {client, all}) ->
     {client, all};
 compile(who, {client, ClientId}) ->
@@ -107,9 +106,8 @@ match_who(#mqtt_client{username = Username}, {user, Username}) ->
     true;
 match_who(#mqtt_client{peername = undefined}, {ipaddr, _Tup}) ->
     false;
-match_who(#mqtt_client{peername = {IP, _}}, {ipaddr, {_CDIR, Start, End}}) ->
-    I = esockd_access:atoi(IP),
-    I >= Start andalso I =< End;
+match_who(#mqtt_client{peername = {IP, _}}, {ipaddr, CIDR}) ->
+    esockd_cidr:match(IP, CIDR);
 match_who(Client, {'and', Conds}) when is_list(Conds) ->
     lists:foldl(fun(Who, Allow) ->
                   match_who(Client, Who) andalso Allow