From: smaljure@xxxxxxxxxxxxxxxxx
Date: Fri Sep 29 2000 - 12:26:36 GMT-3
Hi
The extended access-list normally has the interpretation of <<the
destination network or host>>
Within the context of BGP, we can use the extended access-list to specify
the mask associated with the network to be filtered or controlled.
I do not know where it came from though. It works.
Sanjay
-----Original Message-----
From: Connary, Julie Ann [mailto:jconnary@cisco.com]
Sent: Friday, September 29, 2000 10:46 AM
To: ccielab@groupstudy.com
Subject: question on extended access-lists for BGP route filtering
Hi All,
In Halabi's Internet routing Architecture book he has the following example
that confuses me (page 310):
If you want to filter 172.16.0.0/16 such that only 172.16.0.0/16 and not
172.16.0.0/17, 172.16.0.0/18 ... are
also permitted you must use an extended access-list. Thus the following standard
access-list will not work:
access-list 1 permit 172.16.0.0 0.0.255.255
He then goes on to define an extended access list as:
access-list access-list-number permit ip network-number network-do-not-care-bits mask mask-do-not-care-bit.
And gives the following example:
access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
My question is, where did he get that definition of an extended access-list
that says the second
set of address/mask pairs is a mask/mask-wildcards pair? Is this specific
to how BGP will
use the extended-access list vs. using the access-list in say an ACL? I
always understood the second pair
was the destination network or host.
Julie Ann
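
Added example, not part of the original thread and not code from Halabi's book: a small Python model of the matching described above, where the first address/wildcard pair is compared against a route's network address and the second pair against its netmask. The function names and the sample route list are constructed for illustration.

```python
import ipaddress

def _wild_match(value, base, wildcard):
    """Cisco wildcard match: bits set in `wildcard` are don't-care bits."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (v & care) == (b & care)

def standard_acl_permits(prefix, net, net_wild):
    """Standard ACL used as a route filter: only the network address is compared."""
    route = ipaddress.IPv4Network(prefix)
    return _wild_match(str(route.network_address), net, net_wild)

def extended_acl_permits(prefix, net, net_wild, mask, mask_wild):
    """Extended ACL used as a BGP route filter: the first pair is matched
    against the network address, the second pair against the route's netmask."""
    route = ipaddress.IPv4Network(prefix)
    return (_wild_match(str(route.network_address), net, net_wild)
            and _wild_match(str(route.netmask), mask, mask_wild))

def filter_routes(routes, permits):
    """Return the routes that the given ACL test permits."""
    return [r for r in routes if permits(r)]

# Constructed sample routes (not taken from the thread).
ROUTES = ["172.16.0.0/15", "172.16.0.0/16", "172.16.0.0/17",
          "172.16.0.0/18", "172.16.128.0/17", "172.17.0.0/16"]

def acl_1(route):
    # access-list 1 permit 172.16.0.0 0.0.255.255
    return standard_acl_permits(route, "172.16.0.0", "0.0.255.255")

def acl_101(route):
    # access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
    return extended_acl_permits(route, "172.16.0.0", "0.0.255.255",
                                "255.255.0.0", "0.0.0.0")

if __name__ == "__main__":
    print("access-list 1  :", filter_routes(ROUTES, acl_1))
    print("access-list 101:", filter_routes(ROUTES, acl_101))
```
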
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:09 GMT-3