Re: Extended Distribute-Lists (looking for examples vs. basic distribute-lists) Longish

From: Yves Fauser (Yves@xxxxxxxxx)
Date: Thu Aug 09 2001 - 20:42:34 GMT-3


   
Michael,

If you type
access-list 10 permit 10.1.0.0 0.0.0.255
access-list 10 permit 10.1.1.0 0.0.0.255

this should also include the "sub-subnets" of 10.1.0.0/24 and 10.1.1.0/24.

If you type
access-list 1 permit 10.1.0.0
access-list 1 permit 10.1.1.0

your access-list contains an implicit wildcard of 0.0.0.0, so you are only
matching 10.1.0.0/24 and 10.1.1.0/24 and not the "sub-subnets".

Your access-lists 20 & 21 do the same as 10 & 11; they would not allow any subnets
of 10.1.0.0/22, this includes your 4 x /24 networks.

As an extended Access-list you could write
access-list 101 permit ip 10.1.0.0 <wildcard> any

Read:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cip.htm#xtocid10517103

Good luck, Yves

P.S. 10.1.1.0 / 24 is not a class C network, it's still a class A network, but
with a 16 bits subnetwork address.

Michael Snyder wrote:

> I'm assuming that extended access lists used in distribute lists and route maps
> act the same way. Basically that bunch of routes are processed by the access
> list, and whatever comes out is used by the redistribute process in
> question.
>
> My problem is I'm having a hard time wrapping my head around the extended
> access list functionality.
>
> Say I have two networks made up of three routers each.
>
> Network one has subnets:
>
> 10.1.0.0/24
> 10.1.1.0/24
> 10.1.2.0/24
> 10.1.3.0/24
>
> Network two has subnets:
>
> 10.1.4.0/24
> 10.1.5.0/24
> 10.1.6.0/24
> 10.1.7.0/24
>
> Say I wish to redistribute from igrp 100 (network one) and igrp 200 (network
> two). I also wish to control any feedback routes therefore I use a distribute
> list to permit and block the routes.
>
> On a router connected to both networks.
>
> router igrp 100
> redistribute igrp 200
> distribute-list 10 out igrp 200
>
> router igrp 200
> redistribute igrp 100
> distribute-list 11 out igrp 100
>
> access-list 10 permit 10.1.0.0 0.0.0.255
> access-list 10 permit 10.1.1.0 0.0.0.255
> access-list 10 permit 10.1.2.0 0.0.0.255
> access-list 10 permit 10.1.3.0 0.0.0.255
>
> access-list 11 deny 10.1.0.0 0.0.0.255
> access-list 11 deny 10.1.1.0 0.0.0.255
> access-list 11 deny 10.1.2.0 0.0.0.255
> access-list 11 deny 10.1.3.0 0.0.0.255
> access-list 11 permit any
>
> ---------------------------------------------------------
>
> Question #1
>
> Caslow (page 425) shows an example of this with access list format of
>
> access-list 1 permit 10.1.0.0
> access-list 1 permit 10.1.1.0
> access-list 1 permit 10.1.2.0
> access-list 1 permit 10.1.3.0
>
> Does this have the same functionality as my access list 10? In other words,
> Am I permitting only class C routes while his could permit any network that
> has that network number, for example 10.1.0.1/30 also would have a network
> number of 10.1.0.0
>
> Follow up question, would both access list 1 and 10 block route 10.1.0.5/30
> because it has the network number of 10.1.0.4 not 10.1.1.0?
>
> ---------------------------------------------------------
>
> Question #2
>
> Condensing my access list 10 & 11 --> 20 & 21
>
> access-list 20 permit 10.1.0.0 0.0.3.255
>
> access-list 21 deny 10.1.0.0 0.0.3.255
> access-list 21 permit any
>
> Do the condensed versions of 10 & 11, shown as 20 & 21, have the same route
> passing and blocking results as the original lists?
>
> Follow up question related to question one, how does access-list 20 know that
> I just wanted class C routes? In other words, do these basic route access
> lists act over inclusive ranges based on wildcard mask, or exclusive exact
> matches based on network number?
>
> ---------------------------------------------------------
>
> Question #3 (the reason I started writing this email)
>
> What does access list 10 & 11 and/or 20 & 21 look like as an extended access
> list? I followed the email threads a week ago, but still can't do this.
>
> access-list 110 permit 10.1.0.0 ? ? ?
>
> Thanks for Your Time,
>
> Michael
> **Please read:http://www.groupstudy.com/list/posting.html
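
An added example, not part of either post: a small Python model of standard access-list matching as used by a distribute-list, run over the access lists 1, 10, 20 and 21 from the thread. It assumes the usual standard-ACL behaviour (the route's network address is compared under the wildcard, the prefix length is not examined, an omitted wildcard means 0.0.0.0, first match wins, implicit deny at the end); the four routes are constructed test inputs.

```python
import ipaddress

# ACLs copied from the thread; ROUTES are constructed test inputs.
ACLS = {
    1: """access-list 1 permit 10.1.0.0
access-list 1 permit 10.1.1.0
access-list 1 permit 10.1.2.0
access-list 1 permit 10.1.3.0""",
    10: """access-list 10 permit 10.1.0.0 0.0.0.255
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 permit 10.1.2.0 0.0.0.255
access-list 10 permit 10.1.3.0 0.0.0.255""",
    20: "access-list 20 permit 10.1.0.0 0.0.3.255",
    21: """access-list 21 deny 10.1.0.0 0.0.3.255
access-list 21 permit any""",
}
ROUTES = ["10.1.0.0/24", "10.1.0.5/30", "10.1.3.0/24", "10.1.4.0/24"]

def parse_acl(text):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' and '... any' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, addr = tok[2], tok[3]
        if addr == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(addr))
            # Omitted wildcard: the entry matches that one address only (0.0.0.0).
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((action, base, wild))
    return entries

def acl_permits(entries, route):
    """First match wins; no match is the implicit deny. Prefix length is ignored."""
    net = int(ipaddress.ip_interface(route).network.network_address)
    for action, base, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard 0-bits must match, 1-bits are ignored
        if net & care == base & care:
            return action == "permit"
    return False

def evaluate(acl_no):
    """Return {route: permitted?} for one of the thread's access lists."""
    entries = parse_acl(ACLS[acl_no])
    return {r: acl_permits(entries, r) for r in ROUTES}

if __name__ == "__main__":
    for n in ACLS:
        print(n, evaluate(n))
```

In this model 10.1.0.5/30 (network address 10.1.0.4) is denied by list 1 and permitted by lists 10 and 20, because only the 0.0.0.255 and 0.0.3.255 wildcards cover that address.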



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:48 GMT-3