From: Steven M. Sowell (ssowell@xxxxxxxx)
Date: Mon Feb 11 2002 - 19:39:02 GMT-3
The access-list will work, but when Cisco introduced prefix-lists, they
stated that access-lists for route filtering are obsolete, and that you
should use prefix-lists from now on to do route filtering. Since Cisco says
that they are obsolete, why waste time learning access-lists for
route-filtering?
Steven Sowell
CCIE#7317
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
KK FoK
Sent: Sunday, February 10, 2002 4:16 AM
To: avantus1@hotmail.com; troy@onenet.net; sam_pilot@hotmail.com
Cc: ccielab@groupstudy.com
Subject: Re: Access-list
You may try an extended access-list
access-list 100 permit ip 170.10.0.0 0.0.255.0 255.255.255.0 0.0.0.0
>From: "Kang BS" <avantus1@hotmail.com>
>Reply-To: "Kang BS" <avantus1@hotmail.com>
>To: troy@onenet.net, sam_pilot@hotmail.com
>CC: ccielab@groupstudy.com
>Subject: Re: Access-list
>Date: Sun, 10 Feb 2002 16:30:20 +0900
>
>Thank you all,
>
>I'd like to clarify my question more detail.
>
>- I have 5 routes
> 170.10.1.0 /24
> 170.10.2.0 /24
> 170.10.3.0 /24
> 170.10.16.0 /20
> 170.10.32.0 /20
>- I want to permit only 170.10.x.0 /24 ( x is 1,2,3 here, but can be any
>number)
> and deny any routes with subnet mask other than /24 (here 170.10.16.0/20,
> 170.10.32.0/20)
>
>this is my question.
>and prefix-list is working well.
>
>thanks
>
>BS Kang
>
>>From: Troy Rader <troy@onenet.net>
>>To: Sam Pilot <sam_pilot@hotmail.com>
>>CC: avantus1@hotmail.com
>>Subject: Re: Access-list
>>Date: Fri, 08 Feb 2002 16:15:21 -0600 (CST)
>>
>>I'm not exactly sure why he included the /24 and then asked for help with
>>a mask. I ignored the /24 and assumed that the x meant the 3rd octet was
>>anything (range 0 - 255) and that by stating a 0 in the 4th octet, he
>>meant that it MUST be a zero and only a zero. With a /32, it would imply
>>a single host, and the x implies NOT a single host, so I think that x and
>>/32 are not compatible.
>>
>>I think we agree, but just aren't clear on what he REALLY meant. :)
>>
>>
>>
>>
>>On Fri, 8 Feb 2002, Sam Pilot wrote:
>>
>> > Troy
>> >
>> > I understand what you say but if Kang wanted to permit "170.10.x.0",
>then
>> > he would have said 170.10.x.0/32 and not 170.10.x.0/24...
>> > the 24 bit mask at the end should mean the entire network..
>> >
>> > anyway i guess Kang would be able to clarify the issue..
>> > this issue had me refreshing my wildcard mask concepts ... :-)
>> >
>> >
>> >
>> >
>> > ----- Original Message -----
>> > From: "Troy Rader" <troy@onenet.net>
>> > To: "Sam Pilot" <sam_pilot@hotmail.com>
>> > Sent: Friday, February 08, 2002 4:31 PM
>> > Subject: Re: Access-list
>> >
>> >
>> > > Download the free utilities from www.boson.com. This is what cleared
>it
>> > > up for me. In this example, the 0 in the 4th octet must be a 0 but
>the
>> > > 3rd octet can vary.
>> > >
>> > > 170.10.0-255.0 is the range. To mask this is 0.0.255.0.
>> > >
>> > > It's not so much a real ip range as a challenge of your bit level
>> > > understanding.
>> > >
>> > >
>> > > On Fri, 8 Feb 2002, Sam Pilot wrote:
>> > >
>> > > > they wouldnt it say 170.10.x.0/32
>> > > >
>> > > >
>> > > > ----- Original Message -----
>> > > > From: "Troy Rader" <troy@onenet.net>
>> > > > To: "fathnallah said" <sfathallah@mail.cbi.net.ma>
>> > > > Cc: "Kang BS" <avantus1@hotmail.com>; <ccielab@groupstudy.com>
>> > > > Sent: Friday, February 08, 2002 3:56 PM
>> > > > Subject: Re: Access-list
>> > > >
>> > > >
>> > > > > I think he is looking for:
>> > > > >
>> > > > > access-list 1 permit 170.10.0.0 0.0.255.0
>> > > > >
>> > > > > It appears in his post that the 4th octet MUST be a zero.
>> > > > >
>> > > > >
>> > > > >
>> > > > > On Fri, 8 Feb 2002, fathnallah said wrote:
>> > > > >
>> > > > > > access-list 1 permit 170.10.0.0 0.0.255.255
>> > > > > > ----- Original Message -----
>> > > > > > From: Kang BS <avantus1@hotmail.com>
>> > > > > > To: <ccielab@groupstudy.com>
>> > > > > > Sent: Friday, February 08, 2002 2:14 AM
>> > > > > > Subject: Access-list
>> > > > > >
>> > > > > >
>> > > > > > > Could you anyone help me on access-list?
>> > > > > > >
>> > > > > > > - only permit 170.10.x.0 /24 'x' is any number.
>> > > > > > >
>> > > > > > > thank you in advance
>> > > > > > >
>> > > > > > > BS Kang
>> > > > > > >
>> > > > > > >
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:19 GMT-3