From: Kevin Baumgartner (kbaumgar@xxxxxxxxx)
Date: Fri Sep 29 2000 - 13:36:41 GMT-3
Yea I saw the same and was trying to understand how this access-list works.
So the concept was to only allow the summary route 172.16.0.0 through and
not any of the 172.16.1.0, 172.16.2.0.
And access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
would do this.
But like you I still don't understand how this access-list will do that.
Kevin
At 10:46 AM 9/29/00 -0400, you wrote:
>Hi All,
>
>In Halabi's Internet routing Architecture book he has the following example th
at confuses me (page 310):
>
>If you want to filter 172.16.0.0/16 such that only 172.16.0.0/16 and not 172.1
6.0.0/17, 172.16.0.0/18 ... are
>also permitted you must use and extended access-list. Thus the standard access
-list of will not work:
>
>access-list 1 permit 172.16.0.0 0.0.255.255
>
>
>He then goes on to defined an extended access list as:
>
>access-list access-list-number permit ip network-number network-do-no-care-bit
s mask mask-do-not-care-bit.
>
>And gives the following example:
>
>access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
>
>
>My question is, where did he get that definition of an extended access-list th
at says the second
>set of address/mask pairs is a mask/mask-wildcards pair? Is this specific to h
ow BGP will
>use the extended-access list vs. using the access-list in say an ACL? I alway
s understood the second pair
>was the destination network or host.
>
>Julie Ann
>
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:09 GMT-3