From: SFeldberg@xxxxxxxxxxxxx
Date: Fri Nov 30 2001 - 17:23:37 GMT-3
Try this variation while using a route-map
!
route-map ospf2eigrp
match ip address 117
!
access-list 117 deny ip host 192.168.10.0 host 255.255.255.0
access-list 117 deny ip host 172.16.0.0 host 255.240.0.0
access-list 117 permit ip any any
Steve
"Waters, Kivas (UK72)" <Kivas.Waters@Honeywell.com>
Sent by: nobody@groupstudy.com
11/30/2001 05:21 AM
Please respond to "Waters, Kivas (UK72)"
To: Basel Tashkandi <basel@tashkandi.com>, ccielab@groupstudy.com
cc:
Subject: RE: IP route filtering question
Uummmm, Yep, apologies for the stupid "permit" etc but I guess you got the
gist of what I was asking. Here is the example written with a clear head at
10am.
The problem I have with not specifying the specific mask for the route to be
filtered is that if I configured, for example "access-list 117 deny ip
192.168.10.0 0.0.0.255" then the filter would deny the specific route and
all its subnets from being filtered. 192.168.10.128/28 would also be
denied!! The question asks you to deny ONLY 192.168.10.0/24. I know that
in a lab scenario, configuring the ACLs listed below under b) as you
suggest will result in the expected outcome but it is not 100% accurate.
Does anyone have any ideas?
Let's say that I wanted to deny the following specific routes from being
learned by a routing process: 192.168.10.0/24 and 172.16.0.0/12
I suspect that answer c) is most correct but what do you IP routing gurus
think?
a)
access-list 7 deny 192.168.10.0
access-list 7 deny 172.16.0.0
b)
access-list 7 deny 192.168.10.0 0.0.0.255
access-list 7 deny 172.16.0.0 0.15.255.255
c)
access-list 117 deny ip 192.168.10.0 0.0.0.255 255.255.255.0 0.0.0.0
access-list 117 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.0.0.0
regards
Ki
-----Original Message-----
From: Basel Tashkandi [mailto:basel@tashkandi.com]
Sent: 30 November 2001 09:43
To: Waters, Kivas (UK72)
Cc: ccielab@groupstudy.com
Subject: Re: IP route filtering question
Hi Ki,
As you suspected C is the right one but you don't need the mask for the mask
it would be enough to only say
192.168.10.0 0.0.0.255
of course with deny not permit :)
At 23:09 29/11/2001 +0100, Waters, Kivas (UK72) wrote:
>Configuring very specific route filters for route redistribution, split
>horizon issues and general route filtering is important and I want to make
>sure that I get it right in the lab. There appears to be a number of ways
>of implementing the route filters but what I'm interested in is the ACLs
>defining the routes to be filtered. The question is, what type of route
>filters should be used in which circumstances?
>
>Here is an example ...
>
>Let's say that I wanted to deny the following specific routes from being
>learned by a routing process: 192.168.10.0/24 and 172.16.0.0/12
>
>I suspect that answer c) is most correct but what do you IP routing gurus
>think?
>
>a)
>access-list 7 permit 192.168.10.0
>access-list 7 permit 172.16.0.0
>
>b)
>access-list 7 permit 192.168.10.0 0.0.0.255
>access-list 7 permit 172.16.0.0 0.15.255.255
>
>c)
>access-list 117 permit 192.168.10.0 0.0.0.255 255.255.255.0 0.0.0.0
>access-list 117 permit 172.16.0.0 0.15.255.255 255.240.0.0 0.0.0.0
>
>best regards
>
>Ki
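
The difference between forms a), b), c) and the host/host variation at the top of the thread, modelled in Python as an added example that is not part of any post. It assumes, as the thread does, that in a route filter the first address/wildcard pair of an extended ACL is compared with the route's network and the second pair with its mask; the route list and the function names are constructed for illustration.

```python
import ipaddress

def wild_match(value, base, wildcard):
    """IOS wildcard compare: bits set to 1 in the wildcard are ignored."""
    to_int = lambda a: int(ipaddress.IPv4Address(str(a)))
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(value) & care) == (to_int(base) & care)

def denied(routes, acl):
    """Return the routes hit by a deny entry.

    An entry is (net, net_wc) for a standard ACL, or
    (net, net_wc, mask, mask_wc) for an extended ACL used as a
    route filter (assumed semantics: second pair matches the mask).
    """
    hits = []
    for route in routes:
        net = ipaddress.ip_network(route)
        for entry in acl:
            ok = wild_match(net.network_address, entry[0], entry[1])
            if ok and len(entry) == 4:
                ok = wild_match(net.netmask, entry[2], entry[3])
            if ok:
                hits.append(route)
                break
    return hits

# Constructed routing table: the two target routes plus more-specifics.
ROUTES = ["192.168.10.0/24", "192.168.10.128/28", "172.16.0.0/12",
          "172.16.0.0/16", "172.20.1.0/24", "10.1.1.0/24"]

# a) standard ACL without a wildcard (treated as 0.0.0.0)
ACL_A = [("192.168.10.0", "0.0.0.0"), ("172.16.0.0", "0.0.0.0")]
# b) standard ACL with a wildcard on the network address
ACL_B = [("192.168.10.0", "0.0.0.255"), ("172.16.0.0", "0.15.255.255")]
# c) extended ACL: network pair plus exact mask pair
ACL_C = [("192.168.10.0", "0.0.0.255", "255.255.255.0", "0.0.0.0"),
         ("172.16.0.0", "0.15.255.255", "255.240.0.0", "0.0.0.0")]
# host/host variation: exact network and exact mask
ACL_HOST = [("192.168.10.0", "0.0.0.0", "255.255.255.0", "0.0.0.0"),
            ("172.16.0.0", "0.0.0.0", "255.240.0.0", "0.0.0.0")]

if __name__ == "__main__":
    for name, acl in (("a", ACL_A), ("b", ACL_B),
                      ("c", ACL_C), ("host", ACL_HOST)):
        print(name, denied(ROUTES, acl))
```

Under these assumptions only c) and the host/host form leave 192.168.10.128/28 and 172.16.0.0/16 alone; a) still catches 172.16.0.0/16 because a standard ACL never sees the mask.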