From: Oliver Boehmer (oboehmer@xxxxxxxxx)
Date: Thu Jul 04 2002 - 04:46:45 GMT-3
The bad thing about extended ACLs in distribute-list is the different
semantics they have within different protocols (which is, IIRC, not
documented anywhere, hence unsupported). With OSPF and RIP, source =
neighbor, dest = prefix, so no way of matching the prefix length.
So prefix lists are recommended, they have a documented behaviour.
oli
At 19:46 03.07.2002 -0300, Carlos G Mendioroz wrote:
>Gabor,
>extended ACLs in distribute lists are supported (AFAIK) only in BGP.
>
>Gyuri Gabor wrote:
> >
> > Dear Oliver !
> >
> > You wrote:
> >
> > access-list 100 permit ip 172.16.0.0 0.0.3.255 255.255.255.0 0.0.0.0
> > is semantically equal to
> > ip prefix-list ... permit 172.16.0.0/22 ge 24 le 24
> >
> > I have tried this with the following routes:
> >
> > R1#sh ip route rip | inc Ethernet0
> > R 172.16.0.0/24 [120/1] via 150.100.1.101, 00:00:11, Ethernet0
> > R 172.16.0.0/26 [120/1] via 150.100.1.101, 00:00:11, Ethernet0
> > R 172.16.0.0/22 [120/1] via 150.100.1.101, 00:00:11, Ethernet0
> > R 172.16.1.0/24 [120/1] via 150.100.1.101, 00:00:11, Ethernet0
> > R 172.16.3.0/25 [120/1] via 150.100.1.101, 00:00:11, Ethernet0
> >
> > When I implement the distribute-list (the beginning of the access-list line
> > is wrapped by router):
> >
> > R1#conf t
> > Enter configuration commands, one per line. End with CNTL/Z.
> > R1(config)#no access-list 100
> > R1(config)#$ 100 permit ip 172.16.0.0 0.0.3.255 255.255.255.0 0.0.0.0
> > R1(config)#router rip
> > R1(config-router)#distribute-list 100 in e 0
> > R1(config-router)#end
> > R1#
> > *Mar 3 07:19:49: %SYS-5-CONFIG_I: Configured from console by console
> > R1#sh ip route rip | inc Ethernet0
> > R 172.16.0.0/24 [120/1] via 150.100.1.101, 00:01:04, Ethernet0
> > R 172.16.0.0/26 [120/1] via 150.100.1.101, 00:01:04, Ethernet0
> > R 172.16.0.0/22 [120/1] via 150.100.1.101, 00:01:04, Ethernet0
> > R 172.16.1.0/24 [120/1] via 150.100.1.101, 00:01:04, Ethernet0
> > R 172.16.3.0/25 [120/1] via 150.100.1.101, 00:01:04, Ethernet0
> >
> > As You can see, all the routes are refused (the update timer is 30 sec).
> > I use IOS 12.1.14.
> >
> > What is the problem ?
> >
> > Gabor
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:18 GMT-3
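
The two readings of access-list 100 discussed in this thread, evaluated against the routes and RIP neighbor from the quoted output. This is an added example, not part of the original messages and not IOS code: the function names are hypothetical, and the neighbor/prefix reading is modelled only as Oliver describes it for RIP and OSPF.

```python
import ipaddress

# Values taken from the thread: ACL 100, the RIP neighbor, and the five routes.
ACE = ("172.16.0.0", "0.0.3.255", "255.255.255.0", "0.0.0.0")
NEIGHBOR = "150.100.1.101"
ROUTES = ["172.16.0.0/24", "172.16.0.0/26", "172.16.0.0/22",
          "172.16.1.0/24", "172.16.3.0/25"]

def wild_match(value, base, wildcard):
    """IOS wildcard compare: bits set in the wildcard are ignored."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (v & care) == (b & care)

def acl_prefix_mask(route, ace=ACE):
    """Reading quoted in the thread: source = prefix, destination = netmask."""
    net = ipaddress.ip_network(route)
    return (wild_match(str(net.network_address), ace[0], ace[1])
            and wild_match(str(net.netmask), ace[2], ace[3]))

def acl_neighbor_prefix(route, neighbor=NEIGHBOR, ace=ACE):
    """Reading described for RIP/OSPF: source = neighbor, destination = prefix."""
    net = ipaddress.ip_network(route)
    return (wild_match(neighbor, ace[0], ace[1])
            and wild_match(str(net.network_address), ace[2], ace[3]))

def prefix_list(route, base="172.16.0.0/22", ge=24, le=24):
    """ip prefix-list ... permit 172.16.0.0/22 ge 24 le 24"""
    net = ipaddress.ip_network(route)
    return net.subnet_of(ipaddress.ip_network(base)) and ge <= net.prefixlen <= le

def permitted(check):
    """Routes from the thread that a given filter would permit."""
    return [r for r in ROUTES if check(r)]

if __name__ == "__main__":
    for name, check in (("ACL, source=prefix dest=mask", acl_prefix_mask),
                        ("ACL, source=neighbor dest=prefix", acl_neighbor_prefix),
                        ("prefix-list /22 ge 24 le 24", prefix_list)):
        print(f"{name:34} {permitted(check)}")
```

Under the neighbor/prefix reading the source test compares 150.100.1.101 against 172.16.0.0 0.0.3.255, so no entry matches and every route falls through to the implicit deny, which is consistent with the behaviour Gabor reports.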