From: ying chang (ying_c@xxxxxxxxxxx)
Date: Mon Mar 25 2002 - 13:14:32 GMT-3
Hi guys,
Thanks a lot. This is exactly what I was looking for. I wasn't sure it could
be replaced by a one liner.
Thanks,
Chang
>From: "Howard C. Berkowitz" <hcb@gettcomm.com>
>Reply-To: "Howard C. Berkowitz" <hcb@gettcomm.com>
>To: ccielab@groupstudy.com
>Subject: Re: ip prefix-list equivalent
>Date: Mon, 25 Mar 2002 09:33:38 -0500
>
>>"Engelhard M. Labiro" <engelhard@netmarks.co.jp> wrote,
>
>
>
>>I think the original poster wants the equivalent command of
>>a prefix-list which denies a network with netmask greater than or
>>equal to /25, which are /25, /26, /27, /28, /29, /30, /31 and /32.
>>
>>I think this cannot be done with one line of access-list;
>>there must be several lines of access-list, as follows:
>>
>>access-list 101 deny ip any host 255.255.255.128
>>access-list 101 deny ip any host 255.255.255.192
>>access-list 101 deny ip any host 255.255.255.224
>>access-list 101 deny ip any host 255.255.255.240
>>access-list 101 deny ip any host 255.255.255.248
>>access-list 101 deny ip any host 255.255.255.252
>>access-list 101 deny ip any host 255.255.255.254
>>
>>I am thinking of summarizing those access-lists in one line,
>>but I can't find it. So, please someone correct me if I am wrong.
>
>You are quite correct. Historically, prefix length restrictions
>using conventional access lists were first implemented by Sean Doran
>when he was at Sprint. He wrote a program to generate the necessary
>statements, which ran about 16 pages of rules.
>
>>
>>> I do a test but using /16 instead of /25 and it works. The access list
>>> looks like this:
>>>
>>> access-list 111 per ip any 255.255.0.0 0.0.0.0 log
>>>
>>> Show access-list
>>> ================
>>> Extended IP access list 111
>>> permit ip any host 255.255.0.0 log (1 match)
>>>
>>> r1#sho ip bgp
>>>
>>> Network Next Hop Metric LocPrf Weight Path
>>> *>i160.0.0.0 148.4.2.2 0 100 0 i
>>> *> 192.1.1.1/32 148.4.4.4 0 11 101 i
>>>
>>> Parry Chua
>>>
>>> -----Original Message-----
>>> From: ying chang [mailto:ying_c@hotmail.com]
>>> Sent: Monday, March 25, 2002 5:33 AM
>>> To: ccielab@groupstudy.com
>>> Subject: ip prefix-list equivalent
>>>
>>>
>>> Hi,
>>>
>>> How can you do the following without using the ip prefix-list?
>>> These two statements can be used to deny /25+ netmask (first
>>> statement denies /25+, second statement permits any):
>>>
>>> ip prefix-list long seq 5 deny 0.0.0.0/0 ge 25
>>> ip prefix-list long seq 10 permit 0.0.0.0/0 le 32
>>>
>>> I have trouble getting the access-list equivalent for the first statement.
>
>--
>"What Problem are you trying to solve?"
>***send Cisco questions to the list, so all can benefit -- not
>directly to me***
>********************************************************************************
>Howard C. Berkowitz hcb@gettcomm.com
>Chief Technology Officer, GettLab/Gett Communications
>http://www.gettlabs.com
>Technical Director, CertificationZone.com http://www.certificationzone.com
>"retired" Certified Cisco Systems Instructor (CID) #93005
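
Added example, not part of the original thread: a Python model of how an extended access-list entry's address/wildcard pair is compared against a route's netmask, checked against what `ip prefix-list long seq 5 deny 0.0.0.0/0 ge 25` selects. It assumes, as the entries quoted above do, that the destination field of the ACL is matched against the netmask; the single entry `255.255.255.128 0.0.0.127` is an assumption introduced here and does not appear in the quoted messages.

```python
import ipaddress

def mask_for(length):
    """Netmask for a prefix length 0..32, as a 32-bit integer."""
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_match(value, address, wildcard):
    """IOS-style comparison: bits set in the wildcard are ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (address & care)

def lengths_matched(entries):
    """Prefix lengths whose netmask is hit by at least one (address, wildcard) entry."""
    return [n for n in range(33)
            if any(acl_match(mask_for(n), to_int(a), to_int(w)) for a, w in entries)]

# The per-mask "host" entries quoted in the thread ("host X" == "X 0.0.0.0").
HOST_ENTRIES = [(m, "0.0.0.0") for m in (
    "255.255.255.128", "255.255.255.192", "255.255.255.224", "255.255.255.240",
    "255.255.255.248", "255.255.255.252", "255.255.255.254")]

# Assumed single entry (not in the quoted messages): the low 7 mask bits are "don't care".
ONE_LINE = [("255.255.255.128", "0.0.0.127")]

# Prefix lengths selected by "0.0.0.0/0 ge 25".
PREFIX_LIST_GE_25 = list(range(25, 33))

def compare():
    return {
        "host_entries": lengths_matched(HOST_ENTRIES),
        "one_line": lengths_matched(ONE_LINE),
        "prefix_list": PREFIX_LIST_GE_25,
    }

if __name__ == "__main__":
    for name, lengths in compare().items():
        print(f"{name:13s} " + " ".join(f"/{n}" for n in lengths))
```

Because netmasks are contiguous, any mask whose first 25 bits are set is /25 or longer, so the wildcard entry selects the same lengths as `ge 25`; the seven quoted host entries stop at /31.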
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:21 GMT-3