RE: ACL to block /29 route?

From: Khalid Siddiq (khalid@xxxxxxxxxx)
Date: Fri Aug 23 2002 - 05:45:21 GMT-3

• Next message: ccie candidate: "Re: IPX access list"
• Previous message: Nick Shah: "Re: Solie' s page 438"
• Maybe in reply to: William Wong Kun Sing: "ACL to block /29 route?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Raj and Brian,
please correct me if i miss some thing,
the actual question is that he want to advertise the 168.1.10.0/24 route form o
spf in RIP having serial address 166.1.10.0/24 R2---R3 , i belive ospf adver
tise that route in rip as a classful network 168.1.0.0/16.
regards,
khalid

-----Original Message-----
From: Horszczaruk Krzysztof [mailto:Krzysztof.Horszczaruk@getronics.com]
Sent: Wednesday, August 21, 2002 1:44 PM
To: Peng Zheng; ccie candidate; Raj; Brian McGahan; William Wong Kun Sing; Grou
pstudy; Lupi, Guy
Subject: RE: ACL to block /29 route?

the second part of extended ACL (255.0.0.0 0.0.0.0) probably means route prefix
 length equal 8 bits.

anyway, such use of extended ACL is considered legacy and current approach is t
o use prefix-list.

>>>-----Original Message-----
>>>From: Peng Zheng [mailto:zpnist@yahoo.com]
>>>Sent: Tuesday, August 20, 2002 10:11 PM
>>>To: ccie candidate; 'Raj'; Brian McGahan; 'William Wong Kun
>>>Sing'; 'Groupstudy'; Lupi, Guy
>>>Subject: RE: ACL to block /29 route?
>>>
>>>
>>>I think here it's different meaning with Extended
>>>access lists.
>>>
>>>I saw this:
>>>The command access-list 1 permit 160.0.0.0
>>>0.255.255.255 permits 160.0.0.0/8,160.0.0.0/9, and so
>>>on. To restrict the update to only 160.0.0.0/8, use an
>>>extended access list of the following format:
>>>access-list 101 permit 160.0.0.0 0.255.255.255
>>>255.0.0.0 0.0.0.0. This list permits 160.0.0.0/8 only.
>>>
>>>
>>>So second part is not destination, I think it means
>>>match exactly or something like that.
>>>
>>>Please correct me if I'm wrong.
>>>
>>>
>>>
>>>--- ccie candidate <ccie1@lycos.com> wrote:
>>>> ru sure about the ACL is supported with BGP only
>>>> ..in fact the extended ACL format is like that
>>>>
>>>> access-list 101 permit ip source wildmask {dest
>>>> wildmask | mask wildmask }
>>>>
>>>> so i beleive it should work with any protocol .
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> On Tue, 20 Aug 2002 08:26:36
>>>> Lupi, Guy wrote:
>>>> >Extended access lists for route filtering are only
>>>> supported in BGP, so this
>>>> >might do something, but I don't think it would
>>>> accomplish what you want it
>>>> >to.
>>>> >
>>>> >-----Original Message-----
>>>> >From: Raj [mailto:raj.bahad@totalise.co.uk]
>>>> >Sent: Tuesday, August 20, 2002 8:16 AM
>>>> >To: Brian McGahan; 'William Wong Kun Sing';
>>>> 'Groupstudy'
>>>> >Subject: RE: ACL to block /29 route?
>>>> >
>>>> >
>>>> >Guys,
>>>> >
>>>> >Could you not use the following as an alternative
>>>> to prefix-lists?
>>>> >
>>>> >access-list 101 permit 168.1.10.0 0.0.0.255
>>>> 255.255.255.0 0.0.0.0
>>>> >
>>>> >Or is there a restriction on using extended
>>>> access-lists with route-maps?
>>>> >
>>>> >Thanks,
>>>> >
>>>> >Raj.
>>>> >
>>>> >-----Original Message-----
>>>> >From: Brian McGahan [mailto:brian@cyscoexpert.com]
>>>> >Sent: 20 August 2002 12:41
>>>> >To: 'Raj'; 'William Wong Kun Sing'; 'Groupstudy'
>>>> >Subject: RE: ACL to block /29 route?
>>>> >
>>>> >
>>>> >William,
>>>> >
>>>> > You need to use a prefix-list to match this route,
>>>> since an
>>>> >access-list cannot match on prefix and length.
>>>> Your syntax would look
>>>> >like:
>>>> >
>>>> >Ip prefix OSPF permit 168.1.10.0/24
>>>> >!
>>>> >Route-map OSPF2RIP permit 10
>>>> > Match ip address prefix-list OSPF
>>>> >!
>>>> >router RIP
>>>> > redistribute OSPF 1 metric 1 route-map OSPF2RIP
>>>> >!
>>>> >
>>>> > This is assuming that you already have the /24
>>>> summary on R2.
>>>> >
>>>> >
>>>> >HTH
>>>> >
>>>> >Brian McGahan, CCIE #8593
>>>> >Director of Design and Implementation
>>>> >brian@cyscoexpert.com
>>>> >
>>>> >CyscoExpert Corporation
>>>> >Internetwork Consulting & Training
>>>> >http://www.cyscoexpert.com
>>>> >Voice: 847.674.3392
>>>> >Fax: 847.674.2625
>>>> >
>>>> >
>>>> >-----Original Message-----
>>>> >From: nobody@groupstudy.com
>>>> [mailto:nobody@groupstudy.com] On Behalf Of
>>>> >Raj
>>>> >Sent: Tuesday, August 20, 2002 6:11 AM
>>>> >To: William Wong Kun Sing; 'Groupstudy'
>>>> >Subject: RE: ACL to block /29 route?
>>>> >
>>>> >How about this:
>>>> >
>>>> >area x range 168.1.10.0 255.255.255.0
>>>> >
>>>> >If anyone disagrees, let me know!
>>>> >
>>>> >Raj.
>>>> >
>>>> >-----Original Message-----
>>>> >From: nobody@groupstudy.com
>>>> [mailto:nobody@groupstudy.com]On Behalf Of
>>>> >William Wong Kun Sing
>>>> >Sent: 20 August 2002 11:58
>>>> >To: 'Groupstudy'
>>>> >Subject: ACL to block /29 route?
>>>> >
>>>> >
>>>> >Hi guys
>>>> >
>>>> >
>>>> >I have these 2 ospf routes in r2 being
>>>> redistributed into rip in r2:
>>>> >
>>>> >168.1.10.0/29
>>>> >168.1.10.0/24
>>>> >
>>>> >
>>>> >
>>>>
>>>---------OSPF--------r2------------RIP----------------r3
>>>> > 168.1.10.0/29 166.1.10.0/24
>>>> >
>>>> >
>>>> >I just want to advertise the /24 network to r3.
>>>> How can I achieve that?
>>>> >
>>>> >Thanks in advance.
>>>> >
>>>> >
>>>> >Best regards,
>>>> >
>>>> >
>>>> >William
>>>>

• Next message: ccie candidate: "Re: IPX access list"
• Previous message: Nick Shah: "Re: Solie' s page 438"
• Maybe in reply to: William Wong Kun Sing: "ACL to block /29 route?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:35 GMT-3