From: Clifton Stewart (cliftonlstewart@xxxxxxxx)
Date: Thu Apr 19 2001 - 04:33:54 GMT-3
Lachlan,
Another method is using ip prefix-list. You can specify the subnet mask length
for example 192 would be le =26. You can also specify greater than 24 and/or
less than a specific mask. These offer great flexibility when creating access
policies.
http://www.cisco.com/warp/public/459/22.html
-Cliff
Lachlan Kidd wrote:
> Hi David,
> Yes you can do something like this.
>
> access-list 101 permit ip 192.168.100.0 0.0.0.255 255.255.255.0 0.0.0.255
>
> which (if I remember correctly) will only allow 192.168.100.0/24. Basically
> this access-list is in two parts. First the network and wildcard mask
> followed by the network mask and wildcard mask. I've only seen this used
> with BGP though, not sure if it works with IGPs.
> HTH,
> Lachlan
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> David Anderson
> Sent: Thursday, 19 April 2001 4:22:PM
> To: ccielab@groupstudy.com
> Subject: access-list?
>
> Does anyone know if you can specify an extended access list to match on
> subnet mask length? I seem to remember someone on the list pointing that
> out. An example would be if I had a the same network with different mask
> lengths, but only want to permit /24 or something like that.
> Thanks,
> David
> **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:50 GMT-3