From: CCIE1DAY (ccie1day@totalise.co.uk)
Date: Fri Feb 14 2003 - 06:06:33 GMT-3
Hi,
It works both with standard and extended access lists.
There were two reasons for me illustrating with an extended access list.
1. The original post uses "permit ip 198.5.0.0 0.0.254.255 any"
I therefore thought I'd show an example with the extended access list,
although the 'IP' above is obviously incorrect...
2. An extended access list is MUCH more powerful, because you can specify
who is allowed to send you routes.
The ccie lab exam is not easy and it's good to know all the tricks.
If you were asked to accept even routes from 'this' sender and do not accept
routes from any other router, you've got two choices
A. use the extended access-list - easy both jobs done in one line.
B. use a standard access-list to filter the even routes, and use another
mechanism to block routes from other senders, namely messing with default
distances and then setting up static neighbors. - much less elegant
cheers
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Kumar, Senthil
Sent: 12 February 2003 19:13
To: 'CCIE1DAY '; 'Sage Vadi '; 'ccielab@groupstudy.com '
Subject: RE: ACL's: Even/Odd -- allow EVEN
Why don't you use standard access-list and keep it simple
access-list 1 permit 198.5.0.0 0.0.254.255 !even routes only!
router rip
distribute-list 1 in e0/0
!
you will need extended acl for route filtering only with bgp to check the
prefix and subnet mask..
but did you ever manage to feed an extended-acl in distribute-list, I don't
think it will work.
-----Original Message-----
From: CCIE1DAY
To: Sage Vadi; ccielab@groupstudy.com
Sent: 12/02/2003 10:56
Subject: RE: ACL's: Even/Odd -- allow EVEN
This is because you are using your extended access list incorrectly.
should be as follows
access-list 101 permit ip <source address of RIP speaker> <inv-mask> <routes_allowable> <inv mask>
so, in your example
router rip
net xxx
distribute-list 101 in E0 !or whatever!
access-list 101 permit ip any 198.5.0.0 0.0.254.255
!
NOW, if you wanted to restrict not only the accepted routes, but from WHO you
received them from you could:
access-list 101 permit ip host 135.1.2.2 198.5.0.0 0.0.254.255
access-list 101 permit ip host 135.1.2.3 198.5.1.0 0.0.254.255
would accept even subnets from 135.1.2.2 and odds from 135.1.2.3
cheers
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Sage Vadi
Sent: 12 February 2003 10:23
To: ccielab@groupstudy.com
Subject: RE: ACL's: Even/Odd -- allow EVEN
All,
Receive the following RIPv1 routes (ingress).
198.5.51.0 in 1 hops
198.5.52.0 in 1 hops
198.5.53.0 in 1 hops
198.5.54.0 in 1 hops
Want to permit only the EVEN networks. My calculation
as follows:
52 = 00110100
54 = 00110110
Accordingly we have to do an inverse mask that matches
on the LAST bit (even numbers). That is what I have
done and tested on a subnet calculator (it seems to
bring out the correct addresses).
Hence -
permit ip 198.5.0.0 0.0.254.255 any
Would permit ALL even networks (til 254). Which is
fine, I don't care how specific.
Q) When I apply this inbound on my egress interface
where I'm receiving these routes - it just doesn't
work?!?!
What stupid thing am I doing? I feel like bashing this
monitor...
rgds,
Sage
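
An added example, not part of any message in this thread: a small Python model of the wildcard-mask matching discussed above, applying the thread's three extended ACL variants to the four RIP routes from the original post. It assumes the semantics CCIE1DAY describes (source field checked against the sender of the update, destination field against the advertised network); the function names and the unlisted sender 135.1.2.9 are made up for illustration.

```python
import ipaddress

def wildcard_match(addr, pattern, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a, p, w = (int(ipaddress.IPv4Address(x)) for x in (addr, pattern, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (p & care)

def parse_field(tokens):
    """Consume one address field: 'any', 'host A', or 'A wildcard'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def permits(acl_lines, sender, route):
    """Evaluate 'permit ip <src> <dst>' lines for an inbound distribute-list:
    src is compared with the update's sender, dst with the advertised
    network. Falling off the end of the list is the implicit deny."""
    for line in acl_lines:
        tokens = line.split()
        if tokens[:2] != ["permit", "ip"]:
            raise ValueError("only 'permit ip' lines are modelled: " + line)
        src, rest = parse_field(tokens[2:])
        dst, _ = parse_field(rest)
        if wildcard_match(sender, *src) and wildcard_match(route, *dst):
            return True
    return False

# Routes from the original post; neighbor address taken from the reply's example.
ROUTES = ["198.5.51.0", "198.5.52.0", "198.5.53.0", "198.5.54.0"]
NEIGHBOR = "135.1.2.2"

def accepted(acl_lines, sender=NEIGHBOR):
    """Return the routes from ROUTES that the ACL lets in from this sender."""
    return [r for r in ROUTES if permits(acl_lines, sender, r)]

ORIGINAL = ["permit ip 198.5.0.0 0.0.254.255 any"]    # pattern in the source field
CORRECTED = ["permit ip any 198.5.0.0 0.0.254.255"]   # pattern in the route field
PER_SENDER = ["permit ip host 135.1.2.2 198.5.0.0 0.0.254.255",
              "permit ip host 135.1.2.3 198.5.1.0 0.0.254.255"]

if __name__ == "__main__":
    print("original  :", accepted(ORIGINAL))
    print("corrected :", accepted(CORRECTED))
    print("per-sender:", accepted(PER_SENDER), accepted(PER_SENDER, "135.1.2.3"))
    print("unlisted  :", accepted(PER_SENDER, "135.1.2.9"))
```

With the pattern in the source field, the sender's address is compared with 198.5.0.0 and nothing is accepted, which matches the "it just doesn't work" symptom in the original post.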
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:22 GMT-3