From: Engelhard M. Labiro (engelhard@xxxxxxxxxxxxxx)
Date: Mon Mar 25 2002 - 08:37:42 GMT-3
I think the original poster wants the equivalent command of
a prefix-list which deny a network with netmask greater than or
equal to /25, which are /25, /26, /27, /28, /29, /30, /31 and /32.
I think, this can not be done with one line of access-list ,
there must be several lines of access-list as follow:
access-list 101 deny ip any host 255.255.255.128
access-list 101 deny ip any host 255.255.255.192
access-list 101 deny ip any host 255.255.255.224
access-list 101 deny ip any host 255.255.255.240
access-list 101 deny ip any host 255.255.255.248
access-list 101 deny ip any host 255.255.255.252
access-list 101 deny ip any host 255.255.255.254
I am thinking to summarize in one line of those access-lists,
but I can`t find it. So, please someone correct me if I am wrong.
> I do a test but using /16 instead of /25 and it work. The access list
> look like this :
>
> access-list 111 per ip any 255.255.0.0 0.0.0.0 log
>
> Show access-list
> ================
> Extended IP access list 111
> permit ip any host 255.255.0.0 log (1 match)
>
> r1#sho ip bgp
>
> Network Next Hop Metric LocPrf Weight Path
> *>i160.0.0.0 148.4.2.2 0 100 0 i
> *> 192.1.1.1/32 148.4.4.4 0 11 101 i
>
> Parry Chua
>
> -----Original Message-----
> From: ying chang [mailto:ying_c@hotmail.com]
> Sent: Monday, March 25, 2002 5:33 AM
> To: ccielab@groupstudy.com
> Subject: ip prefix-list equivalent
>
>
> Hi,
>
> How can you do the following without using the ip prefix-list?
> These two
> statements can be used to deny /25+ netmask (first statement
> deny /25+,
> second statement permit any):
>
> ip prefix-list long seq 5 deny 0.0.0.0/0 ge 25
> ip prefix-list long seq 10 permit 0.0.0.0/0 le 32
>
> I have trouble to get access-list equivalent for the first statement.
>
> Thanks,
> Chang
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:21 GMT-3