From: Jason Gardiner (gardiner@xxxxxxxxxx)
Date: Sat May 04 2002 - 17:13:09 GMT-3
The format is right for the entire IPX address. However, when filtering
on networks, you do not specify host addresses. So you would just
specify the 4 bytes representing the network when creating the access
list.
Also, there appear to be other issues with that access lis.
When filtering in IP, one tends to use the standard access list, since
you're specifying networks. The extended access lists would be used for
filter out specific traffic announcements, for say demand ISDN, where you
would want to prevent OSPF from being deemed "interesting".
In other words,
access-list 1 permit 172.16.1.0 0.0.0.255
would be used in the distribute-list for filtering routes and
access-list 101 permit ospf 172.16.1.0 0.0.0.0.255 any
would allow the ospf protocol to operate over that address range, not
filter the route announcements. Your list,
access-list 900 permit rip AA0.0000.0000.0000 F.ffff.ffff.ffff
would only permit the RIP protocol over that IPX address and (I believe)
socket.
Thanks,
Jason Gardiner
Supervisor, Engineering Services
Sprint Internet Backbone Operations
"You can swim all day in the Sea of Knowledge and
still come out completely dry. Most people do."
Norton Juster
On Sat, 4 May 2002, Chuck Mason wrote:
> Jason,
> I agree that "00000AA0" is not the same as "AA000000". As I understand
> it, Paul asked to only allow rip updates for IPX networks AA0 thru
> AAF. IPX follows NNNN.NNNN.HHHH.HHHH.HHHH format as I understand it,
> so wouldn't only wanting networks AA0 thru AAF address as
> AA0.HHHH.HHHH.HHHH thru AAF.HHHH.HHHH.HHHH?
>
> Just as in IP "001" is "1", so AA0 is AA0 not AA00.0000.(HOST MASK)
> as I interpret your reply.
> Please correct me if I wrong on this . . . it certainly won't be the
> first time.
> Chuck
>
> -----Original Message-----
> From: Jason Gardiner [mailto:gardiner@sprint.net]
> Sent: Saturday, May 04, 2002 12:14 PM
> To: Chuck Mason
> Cc: Paul; ccielab@groupstudy.com
> Subject: RE: IPX access lists
>
>
> Again, I think there's some misinterpretation of the requirements:)
>
> Network AA0 is the same thing as 00000AA0, not AA000000
>
> Also, upon review of the documentation CD, I don't see any instances
> of
> aggregated access lists for IPX RIP of EIGRP. Access-list 1200-1299
> appears to be the summary access list range, but it's only usable for
> NLSP.
>
> Thanks,
>
> Jason Gardiner
> Supervisor, Engineering Services
> Sprint Internet Backbone Operations
>
> "You can swim all day in the Sea of Knowledge and
> still come out completely dry. Most people do."
>
> Norton Juster
>
> On Sat, 4 May 2002, Chuck Mason wrote:
>
> > Sorry Paul,
> > Paul,
> > I mis-read the request. You wanted the range not just AAO and AAF.
> > To permit the range then I think
> > access-list 900 permit rip AA0.0000.0000.0000 F.ffff.ffff.ffff
> > will get you there.
> >
> > (Note: Mis-reading the requirement -- the number 1 lab killer)
> >
> > Cheers,
> > Chuck
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf
> Of
> > Paul
> > Sent: Saturday, May 04, 2002 12:58 AM
> > To: ccielab@groupstudy.com
> > Subject: RE: IPX access lists
> >
> >
> > I think you are filtering only two routes , not the
> > whole range AA0-AAF
> > Paul
> > --- Chuck Mason <romason0916@hananet.net> wrote:
> > > Paul,
> > > Wouldn't this get it?
> > >
> > > access-list 900 permit rip AA0.0000.0000.0000
> > > ffff.ffff.ffff
> > > access-list 900 permit rip AAF.0000.0000.0000
> > > ffff.ffff.ffff
> > > Chuck
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > > [mailto:nobody@groupstudy.com]On Behalf Of
> > > Paul
> > > Sent: Friday, May 03, 2002 4:35 PM
> > > To: ccielab@groupstudy.com
> > > Subject: IPX access lists
> > >
> > >
> > > Hi guys,
> > > Anybody knows answer to this question- how would you
> > > allow only ipx networks AA0 to AAF in rip
> > > updates.Does
> > > it require standard or extended ipx access lists?
> > > I can't find it anywhere on CCO.
> > > Paul
> > >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:50 GMT-3