From: Pamela Forsyth (pforsyth@xxxxxxxxx)
Date: Fri Dec 29 2000 - 17:01:54 GMT-3
Curtis,
The extended IP access list is used in BGP prefix filtering. The first
address-mask pair (which you were probably taught to think of in
ICRC/ICND/ACRC classes as "source IP address & mask") defines the prefix
and how many bits of it to match. The second pair (which you may have
known previously as "destination IP address & mask") is used to define a
range of prefix lengths. "Host" is just a keyword that means "match all 32
bits of the following address." So this entire statement means "permit
135.17.0.0/16, exactly."
BTW, what Cisco wants you to use for prefix filtering starting with release
12.0 is the "prefix-list." It gives you the same flexibility as the
extended IP address with respect to allowing you to filter a range of
prefix lengths in a single statment, but the syntax is a LOT easier to
understand and use, and it presumably saves processor cycles in the router.
Pamela
At 12:52 PM 12/29/00 -0500, you wrote:
>Hello,
>
>I have encountered an distribute-list applied in an EBGP peering statement in
>a production network as follows:
>
>access-list 190 permit ip host 135.17.0.0 host 255.255.0.0
>
>Can someone interpret this in plain english?
>
>Thanks,
>
>Curtis
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:26:13 GMT-3