Re: Simple Question on Extended Access Lists

From: Anthony Pace (anthonypace@xxxxxxxxxxx)
Date: Sat Jul 27 2002 - 15:50:08 GMT-3

• Next message: C. Warren: "RE: BGP Remove-AS Question"
• Previous message: CCIE Prep: "Changes to Lab In November"
• Maybe in reply to: Ted McDermott: "Simple Question on Extended Access Lists"
• Next in thread: ccie candidate: "Re: Simple Question on Extended Access Lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Mas Kato,

THere is one syntax I have seen and tested (in RIP) where the first
address/inverted mask in the ACL is to "specify the neigbor who gave me
the route", and the second address/inverted mask is the routes to be
filtered from that neigbor.

I also saw someone on this list code one that had something like the
prefix list flavor (permit ip 172.16.0.0 0.0.255.255 host
255.255.255.0) but they had a variation on the second half. Instead of
spacifying the mask for the routes as a fixed value, they had different
values for the network and mask that suggested a range. I can't even
remember it's syntax.

I think you are correct in saying that perfix lists or route-maps
should be able to do just about any of this, cleaner. I just wondered
where all of this was documented.

Anthony Pace

On Fri, 26 Jul 2002 18:02:15 -0700, "P729" <p729@cox.net> said:
> Other than some of the earlier IOS command references, not really.
> Halabi's
> book cites a few examples. I think they've become kind of archaic since
> prefix-lists became available...
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
> ----- Original Message -----
> From: "Anthony Pace" <anthonypace@fastmail.fm>
> To: "P729" <p729@cox.net>; "Ted McDermott" <tedmcdermott@yahoo.com>;
> <ccielab@groupstudy.com>
> Sent: Friday, July 26, 2002 3:16 PM
> Subject: Re: Simple Question on Extended Access Lists
>
>
> > Mas Kato,
> >
> > Are there any Cisco references that explain the more elaborate flavors
> > of these kinds of "filter exetnded ACLs" also which protocoles use it
> > to mean network + mask and which use it for neighbor + network..
> >
> >
> > Anthony Pace
> >
> >
> >
> > On Thu, 25 Jul 2002 21:40:34 -0700, "P729" <p729@cox.net> said:
> > > Ted,
> > >
> > > This form of an extended access-list is specifying that the subnet mask
> > > in
> > > the update must be 255.0.0.0 and the 0.0.0.0 wildcard mask for it means
> > > it
> > > must be an exact match.
> > >
> > > Regards,
> > >
> > > Mas Kato
> > > https://ecardfile.com/id/mkato
> > > ----- Original Message -----
> > > From: "Ted McDermott" <tedmcdermott@yahoo.com>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Thursday, July 25, 2002 8:27 PM
> > > Subject: Simple Question on Extended Access Lists
> > >
> > >
> > > > On page 2 of 10 of the Cisco - BGP Case Studies
> > > > Section 3
> > > > (http:/www.cisco.com/warp/customer/459/15.html), the
> > > > author uses "access-list 101 permit ip 160.0.0.0
> > > > 0.255.255.255 255.0.0.0 0.0.0.0" to permit
> > > > 160.0.0.0/8. The 255.0.0.0 as a destination address
> > > > doesn't make any sense. It ought to be 0.0.0.0. Right
> > > > or wrong? Thanks, Ted
> > > >

• Next message: C. Warren: "RE: BGP Remove-AS Question"
• Previous message: CCIE Prep: "Changes to Lab In November"
• Maybe in reply to: Ted McDermott: "Simple Question on Extended Access Lists"
• Next in thread: ccie candidate: "Re: Simple Question on Extended Access Lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:46 GMT-3