RE: ACL question

From: Brian McGahan (brian@xxxxxxxxxxxxxxx)
Date: Mon Apr 22 2002 - 13:02:28 GMT-3


   
Guy,

        Route filtering using extended access-list syntax can only be
applied with BGP. The routes mentioned were as follows:

10.1.120.0 /24
10.1.120.0 /22

If you are trying to filter these routes in the context of BGP, the
following access-list would work:

access-list 100 permit ip host 10.1.120.0 host 255.255.252.0

Instead of source destination pairs, this list (only in the context of
BGP remember) reads as a prefix & prefix-length pair. This access-list
translates to the following prefix-list:

ip prefix-list 1 permit 10.1.120.0/22

If you want to do exact prefix & prefix-length matches with other
protocols besides BGP, then you have to use the prefix-list. And yes,
you can apply the prefix to a distribute-list with the 'distribute-list
prefix' command. To match it in a route-map, use the syntax 'match ip
address prefix-list'. A prefix-list can also be applied to a BGP
neighbor directly with the command 'neighbor x.x.x.x prefix-list
[in/out]'.

HTH

Brian McGahan
CCIE #8593
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
http://www.cyscoexpert.com
Voice: 847.674.3392
Fax: 847.674.2625

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Lupi, Guy
Sent: Monday, April 22, 2002 10:36 AM
To: 'Sukhjit Singh'; ccielab@groupstudy.com
Subject: RE: ACL question

I would like to know another way also, but I have yet to find solid
documentation on complex route filtering using extended access lists. I
have seen an example here and there, and I have made it work before, but
it doesn't work all the time. I am sure I am doing something wrong, but I
can't find a good documentation piece that explains the process in
detail. Anyone have a link or some other resource for this?

~-----Original Message-----
~From: Sukhjit Singh [mailto:ssukhjit@yahoo.com]
~Sent: Monday, April 22, 2002 11:40 AM
~To: Lupi, Guy; ccielab@groupstudy.com
~Subject: RE: ACL question
~
~
~Lupi,
~
~You are right, prefix-list worked,
~
~ip prefix-list 34 seq 5 deny 10.1.120.0/24
~ip prefix-list 34 seq 15 permit 10.0.0.0/8 le 23
~ip prefix-list 34 seq 20 permit 10.1.124.0/24
~
~However still I am keen to know another way, if
~possible using acl, Thanks,
~Sukhs,
~
~--- "Lupi, Guy" <Guy.Lupi@eurekaggn.com> wrote:
~> I don't know what it would be as far as an extended
~> access list, but you
~> could use a "distribute-list prefix" to call a
~> prefix list instead of an
~> access list, that way you could define exactly what
~> you want to be
~> redistributed.
~>
~> ~-----Original Message-----
~> ~From: Sukhjit Singh [mailto:ssukhjit@yahoo.com]
~> ~Sent: Monday, April 22, 2002 10:22 AM
~> ~To: ccielab@groupstudy.com
~> ~Subject: ACL question
~> ~
~> ~
~> ~ACL Experts,
~> ~
~> ~I have two routes in my R1 routing table,
~> ~10.1.120.0 /24
~> ~And 10.1.120.0 /22 (Summary route)
~> ~
~> ~I want to filter the /24 route & want to only pass /22
~> ~summary route to other routers. I am using
~> ~distribute-list command with route-map.
~> ~
~> ~It passes both of these routes, I am not sure what
~> ~will be the right wildcard combination which can
~> ~differentiate b/w these 2 routes.
~> ~
~> ~Any suggestions please,
~> ~
~> ~regards,
~> ~Sukhs,
~> ~
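
Added example, not part of the original thread or written by any of its posters: a small Python model of how the filters discussed above treat the two routes 10.1.120.0/24 and 10.1.120.0/22. It assumes the usual IOS first-match and implicit-deny behaviour; the function names and the standard ACL entry are constructed for illustration, since the thread does not show the ACL that was originally tried.

```python
from ipaddress import ip_address, ip_network

def prefix_list_action(entries, route):
    """First match wins; a route matching no entry hits the implicit deny."""
    r = ip_network(route)
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        p = ip_network(prefix)
        # No ge/le: length must be exact. le only: len..le. ge only: ge..32.
        lo = ge if ge is not None else p.prefixlen
        hi = le if le is not None else (32 if ge is not None else p.prefixlen)
        if r.subnet_of(p) and lo <= r.prefixlen <= hi:
            return action
    return "deny"

def wildcard_match(value, base, wildcard):
    """ACL-style compare: bits set in the wildcard are ignored."""
    care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
    return int(ip_address(str(value))) & care == int(ip_address(base)) & care

def std_acl_action(aces, route):
    """Standard ACL as a route filter: only the network address is compared."""
    r = ip_network(route)
    for action, net, wc in aces:
        if wildcard_match(r.network_address, net, wc):
            return action
    return "deny"

def bgp_ext_acl_action(aces, route):
    """Extended ACL filtering BGP routes: source = prefix, destination = mask."""
    r = ip_network(route)
    for action, net, net_wc, mask, mask_wc in aces:
        if (wildcard_match(r.network_address, net, net_wc)
                and wildcard_match(r.netmask, mask, mask_wc)):
            return action
    return "deny"

# Filters from the thread. Prefix-list rows: (seq, action, prefix, ge, le).
PL_34 = [(5, "deny", "10.1.120.0/24", None, None),
         (15, "permit", "10.0.0.0/8", None, 23),
         (20, "permit", "10.1.124.0/24", None, None)]
PL_1 = [(5, "permit", "10.1.120.0/22", None, None)]  # seq 5 is an assumed default
ACL_100 = [("permit", "10.1.120.0", "0.0.0.0", "255.255.252.0", "0.0.0.0")]
# Constructed entry, not from the thread: access-list 1 permit 10.1.120.0 0.0.3.255
STD_ACL = [("permit", "10.1.120.0", "0.0.3.255")]

def compare(routes=("10.1.120.0/24", "10.1.120.0/22")):
    """Per route: (standard ACL, BGP extended ACL, prefix-list 1, prefix-list 34)."""
    return {r: (std_acl_action(STD_ACL, r), bgp_ext_acl_action(ACL_100, r),
                prefix_list_action(PL_1, r), prefix_list_action(PL_34, r)) for r in routes}
```

Both routes share the network address 10.1.120.0, so the standard ACL column is identical for them no matter which wildcard is chosen; only the filters that also compare the mask or prefix length separate the /24 from the /22.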



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:16 GMT-3