From: Tony Olzak (aolzak@xxxxxxxxxxxxxxxxxxx)
Date: Fri Sep 29 2000 - 12:42:49 GMT-3
Shouldn't you just use an aggregate-route with the summary-only option to
suppress those other networks? That seems the easiest to me. If you use an
access-list that says 172.16.0.0 0.0.255.255, I think it would advertise all
three of those networks you listed.
I could be wrong.
Tony
----- Original Message -----
From: "Connary, Julie Ann" <jconnary@cisco.com>
To: <ccielab@groupstudy.com>
Sent: Friday, September 29, 2000 10:46 AM
Subject: question on extended access-lists for BGP route filtering
> Hi All,
>
> In Halabi's Internet routing Architecture book he has the following example
> that confuses me (page 310):
>
> If you want to filter 172.16.0.0/16 such that only 172.16.0.0/16 and not
> 172.16.0.0/17, 172.16.0.0/18 ... are
> also permitted you must use an extended access-list. Thus the standard
> access-list will not work:
>
> access-list 1 permit 172.16.0.0 0.0.255.255
>
>
> He then goes on to define an extended access list as:
>
> access-list access-list-number permit ip network-number
> network-do-no-care-bits mask mask-do-not-care-bit.
>
> And gives the following example:
>
> access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
>
>
> My question is, where did he get that definition of an extended access-list
> that says the second
> set of address/mask pairs is a mask/mask-wildcards pair? Is this specific
> to how BGP will
> use the extended-access list vs. using the access-list in say an ACL? I
> always understood the second pair
> was the destination network or host.
>
> Julie Ann
>
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:09 GMT-3
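
Added example (not part of the original thread or of Halabi's book): a small Python model of the two matching rules as the quoted message describes them, applied to access-list 1 and access-list 101 from the thread. The function names and the sample prefix list are assumptions made for illustration.

```python
import ipaddress

def _wild_match(value, base, wildcard):
    # Cisco wildcard compare: bits set in the wildcard are "don't care".
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(value) & care) == (int(ipaddress.IPv4Address(base)) & care)

def standard_permits(prefix, net, net_wild):
    # Standard ACL as a route filter: only the network number is compared,
    # so the prefix length of the route is never looked at.
    route = ipaddress.ip_network(prefix)
    return _wild_match(route.network_address, net, net_wild)

def extended_permits(prefix, net, net_wild, mask, mask_wild):
    # Extended ACL as a route filter, per the definition quoted in the thread:
    # first pair matches the network number, second pair matches the netmask.
    route = ipaddress.ip_network(prefix)
    return (_wild_match(route.network_address, net, net_wild)
            and _wild_match(route.netmask, mask, mask_wild))

# Constructed sample of advertised prefixes (not taken from the thread).
ROUTES = ["172.16.0.0/16", "172.16.0.0/17", "172.16.0.0/18",
          "172.16.128.0/17", "172.17.0.0/16"]

def filter_standard(routes):
    # access-list 1 permit 172.16.0.0 0.0.255.255 (implicit deny otherwise)
    return [r for r in routes if standard_permits(r, "172.16.0.0", "0.0.255.255")]

def filter_extended(routes):
    # access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
    return [r for r in routes
            if extended_permits(r, "172.16.0.0", "0.0.255.255",
                                "255.255.0.0", "0.0.0.0")]

if __name__ == "__main__":
    print("ACL 1  :", filter_standard(ROUTES))
    print("ACL 101:", filter_extended(ROUTES))
```

The mask wildcard of 0.0.0.0 is what pins the match to exactly /16; a mask wildcard of 0.0.255.255 would accept any prefix length from /16 through /32 in this model.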