RE: selecting based on SN-mask in ACL

From: SPIKKER,FRED (HP-Netherlands,ex1) (fred_spikker@xxxxxx)
Date: Thu Aug 02 2001 - 18:43:12 GMT-3

• Next message: Chuck Church: "RE: boot from tftp"
• Previous message: Bob Chahal: "Re: If you didn't know the IPX EIGRP AS no."
• Maybe in reply to: SPIKKER,FRED (HP-Netherlands,ex1): "selecting based on SN-mask in ACL"
• Next in thread: Ademola Osindero: "Re: selecting based on SN-mask in ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Greg,

I agree with you, if you're talking about an ACL in the 'normal' context.
I think Bruno is completely right, if you are using extended ACL in combi
with route map.
My config works according to his statement.

Thanks anyway.

Regards,

> Fred Spikker
> Network Solution Consultant
>
> Hewlett Packard Amstelveen
> Network & Service Provider Services
> Build it Fast, Keep it Running
>
> Tel: +31 (0)20 547 9048 (or T 547 9048)
> E-mail: fred_spikker@hp.com
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>

-----Original Message-----
From: Gregory W. Posey Jr. [mailto:gposey@conects.com]
Sent: Thursday, August 02, 2001 2:24 PM
To: Bruno Poussard; ccielab@groupstudy.com
Subject: RE: selecting based on SN-mask in ACL

The host 255.255.255.255 is to deny broadcasts (All 1's)

Thank you,
Greg Posey Jr.
CONECTS Network Analyst
CCNP - Security Specialist
Cisco Voice Access Specialist
313-875-2088 ext. 347
www.conects.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Bruno Poussard
Sent: Thursday, August 02, 2001 5:22 AM
To: ccielab@groupstudy.com
Subject: RE: selecting based on SN-mask in ACL

An extended access-list in a route-map (or a suppress-map which is a kind of
route-map) is used like this :

Source@ip + Source Wilcard = Network@ip + wildcard
Destination@ip + Destination Wildcard = Subnet + wildcard from previously
network

In your case the first part is Network@ip + wildcard = 0.0.0.0
255.255.255.255 and the 2nd part is Subnet + wildcard = 255.255.255.255
0.0.0.0
That is any network or host with a mask of exactly 255.255.255.255

Try to see if it does make sense in your lab

Bruno #6424

-----Message d'origine-----
De : nobody@groupstudy.com [mailto:nobody@groupstudy.com]De la part de
SPIKKER,FRED (HP-Netherlands,ex1)
Envoyi : jeudi 2 ao{t 2001 10:49
@ : ccielab@groupstudy.com
Objet : selecting based on SN-mask in ACL

Hi all,

When looking at suppress maps for BGP, I ran into an ACL-line that I find
hard to understand (though it works!).
Can anyone try to explain this to me?

"access-list 110 deny ip any host 255.255.255.255"

I would translate it into english like: "deny from any source to a host with
dest. ip address 255.255.255.255."

Apparently, it should be something like: " deny any source with SN mask of
255.255.255.255"

I could learn this line by heart for implementing suppress maps, but rather
understand what I'm doing..

So please let me know.

Thanks!

Fred.
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Chuck Church: "RE: boot from tftp"
• Previous message: Bob Chahal: "Re: If you didn't know the IPX EIGRP AS no."
• Maybe in reply to: SPIKKER,FRED (HP-Netherlands,ex1): "selecting based on SN-mask in ACL"
• Next in thread: Ademola Osindero: "Re: selecting based on SN-mask in ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:43 GMT-3