From: Herve Bruyere (hbruyere@cisco.com)
Date: Thu Feb 20 2003 - 05:44:24 GMT-3
tan wrote:
>>>deny ip 172.12.10.0 0.0.0.255 any
>>
>>
>>matches 172.12.10.0/24 /25 /26 /27 ....
>
>
> I think this would also match the /23 of the same prefix as well.
Why /23? We say 172.12.10.x with all the masks that can cover "x"...
>
>
>
>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>>Herve Bruyere
>>Sent: Wednesday, February 19, 2003 7:16 PM
>>To: balaji.balakrishnan
>>Cc: ccielab@groupstudy.com
>>Subject: Re: BGP route filter
>>
>>
>>balaji.balakrishnan wrote:
>>
>>>Hi Group,
>>>
>>>This is about using an extended access-list to filter BGP routes
>>>instead of a prefix-list. For example, if you want to permit only
>>>10.132.0.0/16 and filter more specific routes, I believe the
>>>access-list should be
>>>
>>>permit ip 10.132.0.0 0.0.255.255 host 255.255.0.0
>>>
>>>But can anyone explain to me how to interpret the following
>>>access-list entries,
>>
>>
>>In my opinion:
>>
>>
>>>permit ip 10.0.0.0 0.255.255.255 host 255.255.255.255
>>
>>matches all 10.x.x.x routes having /32 mask
>>
>>
>>
>>>permit ip host 172.12.10.208 host 255.255.255.252
>>
>>matches 172.12.10.208/30
>>
>>
>>>deny ip 172.12.10.0 0.0.0.255 any
>>
>>
>>matches 172.12.10.0/24 /25 /26 /27 ....
>>
>>
>>
>>
>>>Rgds,
>>>Bala.
>>>
>>
>>-
>
>
--
Herve Bruyere
Customer Support Engineering, Cisco Systems
Phone : +32(0)2 704 5765
e-mail: hbruyere@cisco.com
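
The following is an added example, not part of the original thread. It evaluates the access-list entries quoted above against candidate routes, so the mask question can be checked directly. It assumes the route-filter reading used in the thread: the source address/wildcard pair is compared with the route's network address, and the destination address/wildcard pair with its netmask. The function names and the `THREAD_ACL` list are hypothetical.

```python
import ipaddress

def parse_field(tokens):
    """Consume one ACL address field; return (address, wildcard) ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(wildcard))

def parse_entry(line):
    """Parse 'permit|deny ip <source field> <destination field>'."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError("unsupported entry: " + line)
    src, dst = parse_field(tokens), parse_field(tokens)
    if tokens:
        raise ValueError("trailing tokens: " + line)
    return action, src, dst

def field_matches(value, field):
    addr, wildcard = field
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 means "must match"
    return (value & care) == (addr & care)

def entry_matches(line, route):
    """Route-filter reading: source field vs network, destination vs mask."""
    _, src, dst = parse_entry(line)
    net = ipaddress.IPv4Network(route)  # strict: rejects host bits set
    return (field_matches(int(net.network_address), src)
            and field_matches(int(net.netmask), dst))

def first_match(acl, route):
    """Action of the first matching entry, implicit deny otherwise."""
    for line in acl:
        if entry_matches(line, route):
            return parse_entry(line)[0]
    return "deny"

# Entries quoted in the thread, in the order they appear there.
THREAD_ACL = [
    "permit ip 10.0.0.0 0.255.255.255 host 255.255.255.255",
    "permit ip host 172.12.10.208 host 255.255.255.252",
    "deny ip 172.12.10.0 0.0.0.255 any",
]
```

Under this reading, `entry_matches("deny ip 172.12.10.0 0.0.0.255 any", "172.12.10.0/23")` returns `True`, because the network address of that /23 is itself 172.12.10.0 and `any` places no constraint on the mask. A route such as 172.12.8.0/22 does not match, since its network address falls outside 172.12.10.x.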
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:30 GMT-3