Filtering Supernets w/o losing subnets.

From: David Wakeman (David.Wakeman@xxxxxxxxxx)
Date: Mon Apr 22 2002 - 06:53:49 GMT-3

• Next message: Dennis.D.Adekola@xxxxxxxxxxxxxxxxxx: "RE: when should we use" promiscuous" keyword in dlsw config?"
• Previous message: steven.j.nelson@xxxxxx: "RE: when should we use" promiscuous" keyword in dlsw config?"
• Next in thread: Robert Miller: "Re: Filtering Supernets w/o losing subnets."
• Maybe reply: Robert Miller: "Re: Filtering Supernets w/o losing subnets."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hi group

I have just read in the Cisco Field Config guide pg.312 that to filter a
supernet without losing subnets you need to use extended access-list.

You have to use the destination part as the supernet mask. I tried this
and got no result.

access-list 161 deny ip 182.0.0.0 0.255.255.255 host 255.0.0.0 log

access-list 161 permit ip any any

The next thing I tried was

access-list 17 deny 182.0.0.0

access-list 17 permit any

and this worked it left the two subnets intact.

    182.16.0.0/24 is subnetted, 1 subnets

C 182.16.0.0 is directly connected, FastEthernet0/0

     182.182.0.0/16 is variably subnetted, 2 subnets, 2 masks

R 182.182.0.0/16 [120/1] via 182.16.0.6, 00:00:25, FastEthernet0/0

R 182.182.182.0/24 [120/1] via 182.16.0.6, 00:00:25,
FastEthernet0/0

Hope this makes sense to somebody, if so can they explain ?

Regards,

David Wakeman

• Next message: Dennis.D.Adekola@xxxxxxxxxxxxxxxxxx: "RE: when should we use" promiscuous" keyword in dlsw config?"
• Previous message: steven.j.nelson@xxxxxx: "RE: when should we use" promiscuous" keyword in dlsw config?"
• Next in thread: Robert Miller: "Re: Filtering Supernets w/o losing subnets."
• Maybe reply: Robert Miller: "Re: Filtering Supernets w/o losing subnets."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:16 GMT-3