From: Kyaw Khine (kkhine@xxxxxxxxxxxx)
Date: Mon Jun 17 2002 - 16:51:43 GMT-3
This is what I found out.
1. I cannot use named extended ACL in distribute-list.
2. I can use numbered extened ACL in distribute-list but it doesn't seem to
be working properly as I use in BGP.
3. I found prefix-list is the most convenient way to filter IGP routes in
distribute-list.
Correct me if I'm wrong.
-----Original Message-----
From: Carlos G Mendioroz [mailto:tron@huapi.ba.ar]
Sent: Monday, June 17, 2002 3:14 PM
To: Mingzhou Nie
Cc: Ng, Kim Seng David (David); ccielab@groupstudy.com
Subject: Re: Extended Access-list
Please correct me if I'm wrong, but I believe that this additional
functionality is only available in BGP.
(That is, you can not use extended ACLs in distribute lists on other
protocols... even those in that this make sense like eigrp)
Mingzhou Nie wrote:
>
> In distribut-list, extended access-list is interpreted different than
> it should be. The source address part is used to match route
> network/subnet and destination address part to match submask.
>
> In your example, it tells, router network has to be 160.x.y.z where
> xyz can be anything, but the mask has to be exactly 255.0.0.0. It's
> the same as
>
> access-list 101 permit ip 160.0.0.0 0.255.255.255 host 255.0.0.0
>
> Ming
> --- "Ng, Kim Seng David (David)" <ksng@avaya.com> wrote:
> > Hi group,
> >
> > How do you interprete the following extended access-list as
> > permitting only 160.0.0.0/8 when applied by a distribute list?
> >
> > access-list 101 permit ip 160.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0
> >
> > I do not really understand the second part of the access-list
> > "255.0.0.0 0.0.0.0". What is it actually denoting? What if we need
> > to permit only 160.0.0.0/12? Is it then
> >
> > access-list 101 permit ip 160.0.0.0 0.15.255.255 255.240.0.0 0.0.0.0
> >
> > Please correct me. Thanks
> >
> > David
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:35 GMT-3