RE: IP route filtering question

From: Basel Tashkandi (basel@xxxxxxxxxxxxx)
Date: Fri Nov 30 2001 - 07:31:28 GMT-3


   
Hi Ki,
can you give us a sh ip route on the router you are working on?

At 11:21 30/11/2001 +0100, Waters, Kivas (UK72) wrote:
>Uummmm, Yep, apologies for the stupid "permit" etc but I guess you got the
>gist of what I was asking. Here is the example written with a clear head at
>10am.
>
>The problem I have with not specifying the specific mask for the route to be
>filtered is that if I configured, for example "access-list 117 deny ip
>192.168.10.0 0.0.0.255" then the filter would deny the specific route and
>all its subnets from being filtered. 192.168.10.128/28 would also be
>denied!! The question asks you to deny ONLY 192.168.10.0/24. I know that
>in a lab scenario, configuring the ACLs listed below under b) as you
>suggest will result in the expected outcome but it is not 100% accurate.
>Does anyone have any ideas?
>
>Let's say that I wanted to deny the following specific routes from being
>learned by a routing process : 192.168.10.0/24 and 172.16.0.0/12
>
>I suspect that answer c) is most correct but what do you IP routing gurus
>think?
>
>a)
>access-list 7 deny 192.168.10.0
>access-list 7 deny 172.16.0.0
>
>b)
>access-list 7 deny 192.168.10.0 0.0.0.255
>access-list 7 deny 172.16.0.0 0.15.255.255
>
>c)
>access-list 117 deny ip 192.168.10.0 0.0.0.255 255.255.255.0 0.0.0.0
>access-list 117 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.0.0.0
>
>regards
>
>Ki
>
>
>-----Original Message-----
>From: Basel Tashkandi [mailto:basel@tashkandi.com]
>Sent: 30 November 2001 09:43
>To: Waters, Kivas (UK72)
>Cc: ccielab@groupstudy.com
>Subject: Re: IP route filtering question
>
>
>Hi Ki,
>As you suspected, C is the right one, but you don't need the mask for the mask;
>it would be enough to only say
>192.168.10.0 0.0.0.255
>of course with deny not permit :)
>At 23:09 29/11/2001 +0100, Waters, Kivas (UK72) wrote:
> >Configuring very specific route filters for route redistribution, split
> >horizon issues and general route filtering is important and I want to make
> >sure that I get it right in the lab. There appears to be a number of ways
> >of implementing the route filters but what I'm interested in is the ACLs
> >defining the routes to be filtered. The question is, what type of route
> >filters should be used in which circumstances?
> >
> >Here is an example ...
> >
> >Let's say that I wanted to deny the following specific routes from being
> >learned by a routing process : 192.168.10.0/24 and 172.16.0.0/12
> >
> >I suspect that answer c) is most correct but what do you IP routing gurus
> >think?
> >
> >a)
> >access-list 7 permit 192.168.10.0
> >access-list 7 permit 172.16.0.0
> >
> >b)
> >access-list 7 permit 192.168.10.0 0.0.0.255
> >access-list 7 permit 172.16.0.0 0.15.255.255
> >
> >c)
> >access-list 117 permit 192.168.10.0 0.0.0.255 255.255.255.0 0.0.0.0
> >access-list 117 permit 172.16.0.0 0.15.255.255 255.240.0.0 0.0.0.0
> >
> >best regards
> >
> >Ki
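
The matching difference debated in the thread, as an added Python model that is not part of the original messages and is not IOS code. It assumes the interpretation the thread uses for option c (an extended entry's source field is compared with the route's network address and its destination field with the route's subnet mask); the sample routes and all function names are constructed for illustration.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(value, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(value) & care) == (_int(base) & care)

def standard_ace(net, wildcard="0.0.0.0"):
    # Standard entry: only the route's network address is compared,
    # so the prefix length of the route is never looked at.
    return lambda route: wild_match(str(route.network_address), net, wildcard)

def extended_ace(net, net_wild, mask, mask_wild):
    # Extended entry under the thread's interpretation (assumption):
    # source field vs. network address, destination field vs. subnet mask.
    return lambda route: (wild_match(str(route.network_address), net, net_wild)
                          and wild_match(str(route.netmask), mask, mask_wild))

# The three candidate answers from the 10am message, deny entries only.
OPTIONS = {
    "a": [standard_ace("192.168.10.0"), standard_ace("172.16.0.0")],
    "b": [standard_ace("192.168.10.0", "0.0.0.255"),
          standard_ace("172.16.0.0", "0.15.255.255")],
    "c": [extended_ace("192.168.10.0", "0.0.0.255", "255.255.255.0", "0.0.0.0"),
          extended_ace("172.16.0.0", "0.15.255.255", "255.240.0.0", "0.0.0.0")],
}

# Constructed sample routing updates (not taken from any real router).
ROUTES = ["192.168.10.0/24", "192.168.10.0/28", "192.168.10.128/28",
          "172.16.0.0/12", "172.16.0.0/16", "172.20.1.0/24", "10.1.0.0/16"]

def denied(option):
    """Return the sample routes matched by any deny entry of the option."""
    return [r for r in ROUTES
            if any(ace(ipaddress.ip_network(r)) for ace in OPTIONS[option])]

if __name__ == "__main__":
    for opt in OPTIONS:
        print(opt, denied(opt))
```

Under this model only option c limits the deny to exactly 192.168.10.0/24 and 172.16.0.0/12; options a and b also match longer prefixes that share the network address or fall inside the wildcard range.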


