From: Paglia, John (USPC.PCT.Hopewell) (JPaglia@xxxxxxxxxxxxx)
Date: Tue Jun 04 2002 - 17:02:04 GMT-3
I didn't realize that you had to keep the /24 mask. In that case, the config
below is on the mark.
Pags
> -----Original Message-----
> From: John Maliakal [SMTP:john.maliakal@cwgoindia.com]
> Sent: Tuesday, June 04, 2002 12:13 AM
> To: Dustin.Yates@ercgroup.com; p_chopin@yahoo.com;
> ccielab@groupstudy.com
> Subject: RE: Route filtering
>
> Hi Paul,
> let me first understand your requirement.
>
> You want to only allow 200.200.x.0/24 networks where x is an odd number,
> and the mask should always remain 24.
> The rest of the networks you want to deny.
>
> I guess for this you should use the extended access-list along with the
> distribute list.
>
> The access-list would look like this
>
> permit 200.200.1.0 0.0.254.0 255.255.255.0 0.0.0.0
> deny any any
>
>
> I guess you did right when you used standard access-lists but since you
> want a perfect mask of /24 only to be allowed you should use extended
> access-lists.
>
> Try this and let me know too.
>
> Regards
> John F Maliakal
>
> -----Original Message-----
> From: Dustin.Yates@ercgroup.com [mailto:Dustin.Yates@ercgroup.com]
> Sent: Tuesday, June 04, 2002 7:11 AM
> To: p_chopin@yahoo.com; ccielab@groupstudy.com
> Subject: RE: Route filtering
>
>
> Paul, I sent this one the other day, but maybe you didn't see it:
>
> deny 200.200.0.0 0.0.254.0
> perm any
>
> Now, here's the distribute list in action:
>
> r4:
> router rip
> version 2
> network 155.10.0.0
> network 200.200.0.0
> network 200.200.1.0
> network 200.200.2.0
> network 200.200.3.0
> network 200.200.4.0
> network 200.200.5.0
>
> R4#siib
> Interface          IP-Address    OK?  Method  Status  Protocol
> FastEthernet0/0    155.10.44.4   YES  NVRAM   up      up
> Serial0/0          155.10.45.4   YES  NVRAM   up      up
> Loopback0          155.10.4.4    YES  NVRAM   up      up
> Loopback1          200.200.1.1   YES  manual  up      up
> Loopback2          200.200.2.1   YES  manual  up      up
> Loopback3          200.200.3.1   YES  manual  up      up
> Loopback4          200.200.4.1   YES  manual  up      up
> Loopback5          200.200.5.1   YES  manual  up      up
>
> R5#sir
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> * - candidate default, U - per-user static route, o - ODR
> P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> R 200.200.4.0/24 [120/1] via 155.10.45.4, 00:00:22, Serial0/0.45
> R 200.200.5.0/24 [120/1] via 155.10.45.4, 00:00:22, Serial0/0.45
> 155.10.0.0/16 is variably subnetted, 16 subnets, 3 masks
> R 155.10.4.0/24 [120/1] via 155.10.45.4, 00:00:12, Serial0/0.45
> R 155.10.44.0/24 [120/1] via 155.10.45.4, 00:00:13, Serial0/0.45
> R 200.200.1.0/24 [120/1] via 155.10.45.4, 00:00:25, Serial0/0.45
> R 200.200.2.0/24 [120/1] via 155.10.45.4, 00:00:25, Serial0/0.45
> R 200.200.3.0/24 [120/1] via 155.10.45.4, 00:00:25, Serial0/0.45
> R5#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> R5(config)#access-list 77 deny 200.200.0.0 0.0.254.0
> R5(config)#access-list 77 perm any
> R5(config)#router rip
> R5(config-router)#distr
> R5(config-router)#distribute-list 77 in s0/0.45
> R5(config-router)#end
> R5#clear ip route
> 04:20:36: %SYS-5-CONFIG_I: Configured from console by console
> R5#clear ip route *
> R5#sir
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> * - candidate default, U - per-user static route, o - ODR
> P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> R 200.200.5.0/24 [120/1] via 155.10.45.4, 00:00:11, Serial0/0.45
> 155.10.0.0/16 is variably subnetted, 16 subnets, 3 masks
> R 155.10.4.0/24 [120/1] via 155.10.45.4, 00:00:12, Serial0/0.45
> R 155.10.44.0/24 [120/1] via 155.10.45.4, 00:00:13, Serial0/0.45
> R 200.200.1.0/24 [120/1] via 155.10.45.4, 00:00:13, Serial0/0.45
> R 200.200.3.0/24 [120/1] via 155.10.45.4, 00:00:13, Serial0/0.45
> R5#
>
> -----Original Message-----
> From: Paul [mailto:p_chopin@yahoo.com]
> Sent: Monday, June 03, 2002 5:44 PM
> To: ccielab@groupstudy.com
> Subject: Route filtering
>
>
> Hi guys,
> I'm reposting the question from a couple of days ago. I think it
> is worth looking at it again. Nobody so far was able to
> come up with any solid answer.
> What I'm trying to do is to prevent RIP from learning
> certain prefixes over the interface. I should only allow
> networks 200.200.x.0/24 where x is an odd number. So guys,
> pay attention, we're filtering on networks and prefix size.
> I use the distribute-list statement under RIP. IP prefix
> list doesn't seem to work in this case.
> Extended access list blocks all the networks. When I
> use standard access lists it works, but I'm getting
> all sorts of prefixes, not just /24.
> Any ideas?
> Thanks.
>
>
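The wildcard arithmetic behind the two access lists quoted above, as an added example that is not part of the thread and is not IOS output. It assumes the extended entry's four fields are read the way the reply describes them (prefix, prefix wildcard, mask, mask wildcard); the function names are hypothetical, and the /25 routes and 200.200.7.0/24 are constructed test inputs.

```python
import ipaddress

def wc_match(value, base, wildcard):
    """True when value equals base on every bit whose wildcard bit is 0."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (v & care) == (b & care)

def standard_acl(route, entries):
    """Standard ACL: only the network address is compared; first match wins."""
    addr = str(ipaddress.ip_network(route).network_address)
    for action, base, wc in entries:
        if wc_match(addr, base, wc):
            return action
    return "deny"  # implicit deny at the end of every ACL

def extended_acl(route, entries):
    """Extended ACL read as (prefix, prefix wildcard, mask, mask wildcard)."""
    net = ipaddress.ip_network(route)
    for action, base, wc, mask, mask_wc in entries:
        if (wc_match(str(net.network_address), base, wc)
                and wc_match(str(net.netmask), mask, mask_wc)):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")
# access-list 77 from the thread: deny even third octets, permit the rest
ACL_77 = [("deny", "200.200.0.0", "0.0.254.0"), ("permit", *ANY)]
# extended entry from the reply: odd third octet AND mask exactly /24
ACL_EXT = [("permit", "200.200.1.0", "0.0.254.0", "255.255.255.0", "0.0.0.0"),
           ("deny", *ANY, *ANY)]

ROUTES = [
    "200.200.1.0/24", "200.200.2.0/24", "200.200.3.0/24",  # from the thread
    "200.200.4.0/24", "200.200.5.0/24", "155.10.4.0/24",   # from the thread
    "200.200.1.0/25", "200.200.3.128/25", "200.200.7.0/24",  # constructed
]

def evaluate(routes=ROUTES):
    """Map each route to its (standard, extended) verdict."""
    return {r: (standard_acl(r, ACL_77), extended_acl(r, ACL_EXT)) for r in routes}

if __name__ == "__main__":
    for route, (std, ext) in evaluate().items():
        print(f"{route:18} standard={std:6} extended={ext}")
```

The constructed /25 routes pass access-list 77 because a standard list never looks at the mask, which is the "all sorts of prefixes" symptom from the original question.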