RE: Question about Prefix filtering

From: tan (tan@dia.janis.or.jp)
Date: Mon Feb 24 2003 - 04:51:23 GMT-3

• Next message: Tom Young: "bit ordering of MAC address"
• Previous message: Donny MATEO: "Re: PQ per VC/physical interface"
• Maybe in reply to: Tran Tien Phong: "Question about Prefix filtering"
• Next in thread: Khalid A. Kaseb: "RE: Question about Prefix filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If filtering routes and not filter packet forwarding, zero at end of inverse
mask is least wrong. In some cases, 255 would be wrong, and it would depend
on other things to know if zero is required over 255 (ripv1 or v2, dist-list
in or out, or redist with or without auto-summary, ect...), but if using
zero, it shouldn't ever actually be wrong.

The only case it could be wrong I think is if relying on summarizing to
create a /24 from deeper masked networks and summarizing happens before a
distribute-list. Normally distribute-list in/out interface happens before
summarizing, but possibly with the [protocol] out option, a situation could
be manipulated to have distribution list process come before summarizing on
a redistribution. Maybe using distribute-list out [protocol] option, under
another routing protocol with auto-summary on. Does this put the routes
through the summarizing process first or distribute-list first?? I guess not
but this is a pretty contrived scenario that I have thought to test some
day. Would this change if distribute list was not on its own line but at the
end of of redistribute line? If anybody has experienced this, could you
please fill us in.

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Tran Tien Phong
> Sent: Monday, February 24, 2003 12:52 PM
> To: ccielab@groupstudy.com
> Subject: Question about Prefix filtering
>
>
> Hi guys,
>
> For example, there are following network:
> 192.168.1.0
> 192.168.2.0
> 192.168.3.0
> 192.168.4.0
> 192.168.5.0
> 192.168.6.0
> 192.168.7.0
> 192.168.8.0
>
> The question asks me to filter the odd routes, I think there are two
> working configs:
>
> 1.
> access-list 1 deny 192.168.1.0 0.0.254.255
> access-list 1 permit any
>
> 2.
> access-list 1 deny 192.168.1.0 0.0.254.0
> access-list 1 permit any
>
> Both of the configs will work well but which one is better and more
> correct?
>
> Thanks.

• Next message: Tom Young: "bit ordering of MAC address"
• Previous message: Donny MATEO: "Re: PQ per VC/physical interface"
• Maybe in reply to: Tran Tien Phong: "Question about Prefix filtering"
• Next in thread: Khalid A. Kaseb: "RE: Question about Prefix filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:33 GMT-3