From: Michael Snyder (msnyder@xxxxxxx)
Date: Thu Aug 09 2001 - 13:21:53 GMT-3
I'm assuming that extended access lists used in distribute lists and route maps
act the same way. Basically, that a bunch of routes are processed by the access
list, and whatever comes out is used by the redistribute process in
question.
My problem is I'm having a hard time wrapping my head around the extended
access list functionality.
Say I have two networks made up of three routers each.
Network one has subnets:
10.1.0.0/24
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24
Network two has subnets:
10.1.4.0/24
10.1.5.0/24
10.1.6.0/24
10.1.7.0/24
Say I wish to redistribute from igrp 100 (network one) and igrp 200 (network
two). I also wish to control any feedback routes; therefore I use a distribute
list to permit and block the routes.
On a router connected to both networks:
router igrp 100
 redistribute igrp 200
 distribute-list 10 out igrp 200
router igrp 200
 redistribute igrp 100
 distribute-list 11 out igrp 100
access-list 10 permit 10.1.0.0 0.0.0.255
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 permit 10.1.2.0 0.0.0.255
access-list 10 permit 10.1.3.0 0.0.0.255
access-list 11 deny 10.1.0.0 0.0.0.255
access-list 11 deny 10.1.1.0 0.0.0.255
access-list 11 deny 10.1.2.0 0.0.0.255
access-list 11 deny 10.1.3.0 0.0.0.255
access-list 11 permit any
---------------------------------------------------------
Question #1
Caslow (page 425) shows an example of this with access list format of
access-list 1 permit 10.1.0.0
access-list 1 permit 10.1.1.0
access-list 1 permit 10.1.2.0
access-list 1 permit 10.1.3.0
Does this have the same functionality as my access list 10? In other words,
am I permitting only class C routes while his could permit any network that
has that network number? For example, 10.1.0.1/30 also would have a network
number of 10.1.0.0.
Follow-up question: would both access list 1 and 10 block route 10.1.0.5/30
because it has the network number of 10.1.0.4, not 10.1.1.0?
---------------------------------------------------------
Question #2
Condensing my access list 10 & 11 --> 20 & 21
access-list 20 permit 10.1.0.0 0.0.3.255
access-list 21 deny 10.1.0.0 0.0.3.255
access-list 21 permit any
Do the condensed versions of 10 & 11, shown as 20 & 21, have the same route
passing and blocking results as the original lists?
Follow-up question related to question one: how does access-list 20 know that
I just wanted class C routes? In other words, do these basic route access
lists act over inclusive ranges based on wildcard mask, or exclusive exact
matches based on network number?
---------------------------------------------------------
Question #3 (the reason I started writing this email)
What do access lists 10 & 11 and/or 20 & 21 look like as an extended access
list? I followed the email threads a week ago, but still can't do this.
access-list 110 permit 10.1.0.0 ? ? ?
Thanks for Your Time,
Michael
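
Added example, not part of the original post: a small Python model of how a standard access list evaluates a route's network number (first match wins, wildcard bits ignored, a missing wildcard treated as 0.0.0.0, implicit deny at the end), run over lists 1, 10, 20 and 21 from the message. The helper names and the sample route list are constructed for illustration, and the model assumes the filter compares only the network number, not the route's mask.

```python
import ipaddress

def parse_acl(lines):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' or '... any' lines."""
    entries = []
    for line in lines:
        tok = line.split()
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            # A standard entry with no wildcard is an exact match (0.0.0.0).
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def acl_permits(entries, network):
    """First match wins; bits set in the wildcard are ignored; implicit deny."""
    # Assumption: only the route's network number is compared, not its mask.
    net = int(ipaddress.IPv4Address(network))
    for action, addr, wild in entries:
        if ((net ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

# The four lists from the message, rebuilt line by line.
ACL_1 = parse_acl(f"access-list 1 permit 10.1.{i}.0" for i in range(4))
ACL_10 = parse_acl(f"access-list 10 permit 10.1.{i}.0 0.0.0.255" for i in range(4))
ACL_20 = parse_acl(["access-list 20 permit 10.1.0.0 0.0.3.255"])
ACL_21 = parse_acl(["access-list 21 deny 10.1.0.0 0.0.3.255",
                    "access-list 21 permit any"])

# Constructed route network numbers (not taken from a real routing table).
ROUTES = ["10.1.0.0", "10.1.0.4", "10.1.3.0", "10.1.3.128", "10.1.4.0"]

def results(entries):
    """Map each sample network number to True (permitted) or False (denied)."""
    return {r: acl_permits(entries, r) for r in ROUTES}

if __name__ == "__main__":
    for name, acl in [("1", ACL_1), ("10", ACL_10), ("20", ACL_20), ("21", ACL_21)]:
        print(f"access-list {name:>2}:", results(acl))
```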