Re: Extended Distribute-Lists (looking for examples vs. basic distribute-lists) Longish

From: Yves Fauser (Yves@xxxxxxxxx)
Date: Fri Aug 10 2001 - 10:13:13 GMT-3


   
Hi Michael, Group

After thinking about your mail I started to play around a bit. Of course
you could do all this with a prefix list.

If you have a standard ip access-list and you use it with a
distribute-list you'll get the following:

Access-list 10 permit 10.10.1.0
this translates to permit all Networks/Subnets that are exactly
00001010.00001010.00000001.00000000; this includes subnet 10.10.1.0 /25
/26 /27 /28 /29 /30. So if you use a standard ip access-list you will
not be able to filter by prefix /24. You are not able to catch the
Subnet zeros.

Access-list 10 permit 10.10.1.0 0.0.0.255
permits every Network/Subnet that starts with
00001010.00001010.00000001. which includes of course 10.10.1.0 /24 and
every "Sub-Subnet" of it.

Access-list 10 permit 10.10.1.0 0.0.3.0
permits every Network/Subnet that starts with
00001010.00001010.000000|nn. and ends with 00000000, this includes
10.10.0.0/24-30, 10.10.1.0/24-30, 10.10.2.0/24-30, 10.10.3.0/24-30.
Again you are not able to filter by prefix /24 because you also catch
all Subnet zeros.

Access-list 100 permit ip host 10.10.1.0 any
does the same as Access-list 10 permit 10.10.1.0

Access-list 100 permit ip 10.10.1.0 0.0.0.255 any
does the same as Access-list 10 permit 10.10.1.0 0.0.0.255

None of the extended ip access-lists that did not have an "any" at the
end worked in a distribute list.

Now in a Route-map the extended ip access-list works differently than in a
distribute list. (This was new to me, thanks Michael).

http://www.groupstudy.com/archives/ccielab/200106/msg00069.html

Access-list 100 permit ip 10.10.0.0 0.0.0.255 host 255.255.255.0
Permit only 10.10.0.0 /24, not any of the Subnet-zeros.

Access-list 100 deny ip any host 255.255.255.0
Access-list 100 permit ip any any
Deny all /24 Subnets, permit all others

Access-list 100 deny ip any 255.255.255.240 0.0.0.15
Access-list 100 permit ip any any
Deny all Subnets greater than /27, permit all others

Access-list 100 permit ip 10.10.0.0 0.0.255.255 255.255.240.0 0.0.15.255

Permits all Subnets of 10.10.0.0/16 that are greater than /20 and denies
all others

Access-list 100 deny ip 10.10.0.0 0.0.255.255 255.255.128.0 0.0.127.255
Access-list 100 permit ip 10.10.0.0 0.0.255.255 255.255.255.240 0.0.0.15

Permits all Subnets of 10.10.0.0/16 in the range greater than /20 and
less than /27

Good luck to all, Yves
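
The matching behaviour described in the post above, modelled in Python as an added example (not part of the original message and not IOS code): a standard ACL is compared against the route's network address only, while an extended ACL used in a route-map compares its source field against the network address and its destination field against the subnet mask. The route list and all function names are constructed for illustration.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # base, wildcard: every bit is "don't care"

def _field(tok):
    """Consume 'any' | 'host A' | 'A [W]' from tok and return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    wild = int(ipaddress.IPv4Address(tok.pop(0))) if tok else 0
    return int(ipaddress.IPv4Address(first)), wild

def _hit(value, field):
    """True when value equals base on every bit the wildcard does not ignore."""
    base, wild = field
    return ((value ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, route, extended):
    """Return 'permit' or 'deny' for one route (first match wins)."""
    net = ipaddress.IPv4Network(route)
    addr, mask = int(net.network_address), int(net.netmask)
    for line in acl:
        tok = line.split()
        action = tok.pop(0)
        if extended:
            tok.pop(0)  # protocol keyword "ip"
            # source field vs. network address, destination field vs. mask
            if _hit(addr, _field(tok)) and _hit(mask, _field(tok)):
                return action
        elif _hit(addr, _field(tok)):  # standard ACL: network address only
            return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed sample routes, not taken from the post.
ROUTES = ["10.10.0.0/16", "10.10.0.0/24", "10.10.0.0/25", "10.10.1.0/24",
          "10.10.1.0/26", "10.10.1.64/26", "10.10.2.16/28"]

def permitted(acl, extended):
    return [r for r in ROUTES if evaluate(acl, r, extended) == "permit"]

STD = ["permit 10.10.1.0"]
EXT_ONLY_24 = ["permit ip 10.10.0.0 0.0.0.255 host 255.255.255.0"]
EXT_NO_24 = ["deny ip any host 255.255.255.0", "permit ip any any"]
EXT_NO_LONG = ["deny ip any 255.255.255.240 0.0.0.15", "permit ip any any"]

if __name__ == "__main__":
    for name in ("STD", "EXT_ONLY_24", "EXT_NO_24", "EXT_NO_LONG"):
        print(name, permitted(globals()[name], name.startswith("EXT")))
```

The standard ACL cannot tell 10.10.1.0/24 from 10.10.1.0/26 because the mask is never examined; the extended form separates them through its destination field.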

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:48 GMT-3