From: Muthu Mohanasundaram (mmsundar@xxxxxxxxx)
Date: Fri May 26 2000 - 23:40:15 GMT-3
Hi Earl,
I think what you need is this;
access-list 101 permit ip 160.0.0.0 0.255.255.255
255.0.0.0 0.0.0.0 ( and not 255.0.0.0 0.255.255.255)
Here the 160.0.0.0 0.255.255.255 means the all the IP
addresses whose first octect is 160.
The 255.0.0.0 0.0.0.0 means that the mask of the above
supernet should be exactly 255.0.0.0 ( as specified by
the windcards 0.0.0.0) In this case the second pair is
not the destination address and mask.
For more info see Page 310 of Bassam Halabi.
Good Luck,
Mohan.
--- Earl Aboytes <earl@linkline.com> wrote:
> Here is a kewl question.
>
> Can anyone explain what is going on here?
> Using access lists to filter supernets is a bit
> tricky. Assume, for example, that a router has
> different subnets of 160.10.x.x and you want to
> advertise 160.0.0.0/8 only. The following access
> list would permit 160.0.0.0/8, 160.0.0.0/9 and so on
> (remember, this is a class B address space).
> access-list 1 permit 160.0.0.0 0.0.0.255
>
> To restrict the update to 160.0.0.0/8 only, you have
> to use an extended access list, such as the
> following:
> access-list 101 permit ip 160.0.0.0 0.255.255.255
> 255.0.0.0 0.255.255.255
>
> What are they talking about!?!?!?!?
> To me it looks like the destination network is
> 255.0.0.0/8. Is that what is supposed to be going
> on here? Can anyone shed some light on this?
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:31 GMT-3