Re: Block odd # routes w/acl

From: William Darkwah (william.darkwah@xxxxxxx)
Date: Sat Jul 01 2000 - 17:56:07 GMT-3


   
Tom,
      The only bit you want to care about is the last one in the second
octet, so configure your access-list
mask to put a zero there.
  The access-list to permit all odd numbers in the second octet is

  192.168.1.0 mask 0.0.254.255.

If you want to allow specific odd numbers then you need to break them up
further.

William

----- Original Message -----
From: Tom Winters <tjwinter@sprintparanet.com>
To: <ccielab@groupstudy.com>
Sent: Saturday, July 01, 2000 5:47 PM
Subject: Block odd # routes w/acl

> Hi all,
>
> I'm doing the ccbootcamp lab #3. It says block all the odd
> routes from eigrp into ospf. Now if I understand this
> correctly all I need to do is set up a route-map to block
> the odd # routes and use that route-map to redistribute
> eigrp into ospf. Looking at the wildcard bits all I should
> have to do is deny the one bit, hence all odd # routes
> shouldn't show.
>
> Block            Permit
> 192.168.1.0/24   192.168.2.0/24
> 192.168.3.0/24   192.168.4.0/24
> 192.168.5.0/24   192.168.6.0/24
>
> ip access 1 den 192.168.0.0 0.0.5.255
> ip access 1 per any
> This statement will block routes 1,4,&5. This is what I
> would expect to see and it works.
>
> ip access 1 den 192.168.0.0 0.0.1.255
> ip access 1 per any
> This statement should block all odd # routes, but it
> doesn't. The only route blocked is 192.168.1.0/24.
>
> Here is a copy of the config, version(C2500-JS-L),12.0(8)
>
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname r5
> !
> no logging console
> enable password cisco
> !
> ip subnet-zero
> no ip domain-lookup
> ip host r6 2001 137.20.60.1
> !
> !
> !
> interface Loopback0
> ip address 137.20.60.1 255.255.255.0
> no ip directed-broadcast
> !
> interface Ethernet0
> no ip address
> no ip directed-broadcast
> shutdown
> !
> interface Serial0
> ip address 137.20.101.5 255.255.255.0
> no ip directed-broadcast
> encapsulation frame-relay
> ip ospf priority 0
> no ip mroute-cache
> no fair-queue
> clockrate 72000
> frame-relay map ip 137.20.101.1 501 broadcast
> frame-relay map ip 137.20.101.3 501 broadcast
> frame-relay interface-dlci 501
> no frame-relay inverse-arp
> frame-relay lmi-type ansi
> !
> interface Serial1
> ip address 137.20.50.1 255.255.255.0
> no ip directed-broadcast
> !
> router eigrp 1
> redistribute ospf 1 metric 115 1 255 1 1500 match internal external 1 external 2
> passive-interface Loopback0
> passive-interface Serial0
> network 137.20.0.0
> !
> router ospf 1
> summary-address 10.1.0.0 255.255.0.0
> redistribute eigrp 1 metric 5555 subnets route-map redis
> network 137.20.60.0 0.0.0.255 area 60
> network 137.20.101.0 0.0.0.255 area 0
> !
> ip classless
> !
> access-list 1 deny 192.168.0.0 0.0.1.255
> access-list 1 permit any
> route-map redis permit 10
> match ip address 1
> !
> !
> !
> line con 0
> exec-timeout 0 0
> transport input none
> line aux 0
> exec-timeout 0 0
> transport preferred telnet
> transport input telnet
> stopbits 1
> line vty 0 4
> exec-timeout 0 0
> no login
> !
> end
>
> TAI,
>
> Tom Winters
>
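
The wildcard-mask behaviour discussed in this thread, as an added example that is not part of either message: a small evaluator that applies a standard access-list (first match wins, implicit deny at the end) to the six lab routes. The function names are hypothetical, and using William's entry as a deny line in Tom's access-list 1 is an assumption about how it would be applied.

```python
import ipaddress

def wildcard_match(route, base, wildcard):
    """True if the ACL entry 'base wildcard' matches the route's network address.

    A 0 bit in the wildcard means "this bit must equal the base";
    a 1 bit means "don't care".
    """
    r = int(ipaddress.IPv4Address(route))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that are actually compared
    return (r & care) == (b & care)

def first_match(route, acl):
    """Return the action of the first matching entry, like a standard ACL."""
    for action, base, wildcard in acl:
        if wildcard_match(route, base, wildcard):
            return action
    return "deny"                   # implicit deny at the end of every ACL

# The six routes from the lab table in the quoted message.
ROUTES = [f"192.168.{n}.0" for n in range(1, 7)]
ANY = ("permit", "0.0.0.0", "255.255.255.255")   # "permit any"

ACLS = {
    # Tom's first attempt: don't-care bits 0 and 2 of the third octet.
    "deny 192.168.0.0 0.0.5.255": [("deny", "192.168.0.0", "0.0.5.255"), ANY],
    # Tom's second attempt: bit 0 is don't-care, bits 1-7 must be zero.
    "deny 192.168.0.0 0.0.1.255": [("deny", "192.168.0.0", "0.0.1.255"), ANY],
    # William's entry, used as a deny line (assumption): only bit 0 is
    # compared, and the base sets it to 1.
    "deny 192.168.1.0 0.0.254.255": [("deny", "192.168.1.0", "0.0.254.255"), ANY],
}

def denied(acl):
    """Routes the ACL denies, i.e. routes the route-map would not redistribute."""
    return [r for r in ROUTES if first_match(r, acl) == "deny"]

if __name__ == "__main__":
    for name, acl in ACLS.items():
        print(f"{name:32} blocks {denied(acl)}")
```

The second access-list fails because its mask ignores the low bit instead of testing it, so it matches only 192.168.0.0 and 192.168.1.0; the third tests that one bit and ignores the rest of the octet.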



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:52 GMT-3