RE: Is There a Relationship Between Prefix List and ACL??

From: OhioHondo (ohiohondo@columbus.rr.com)
Date: Fri Mar 14 2003 - 20:37:12 GMT-3


Brian

Thank you. This is exactly what I needed.

-----Original Message-----
From: Brian Dennis [mailto:brian@labforge.com]
Sent: Friday, March 14, 2003 6:34 PM
To: 'OhioHondo'; ccielab@groupstudy.com
Subject: RE: Is There a Relationship Between Prefix List and ACL??

Prefix lists didn't show up till 12.0T so before that if there was a
need to match not only the network but match the subnet mask you used an
extended ACL. A standard ACL can only match the network and not match
the subnet mask. An extended ACL is needed to match the subnet mask.

Here is the syntax:
access-list <ACL #> permit ip <network> <wildcard mask of network> <subnet mask> <wildcard mask of subnet mask>

Here are some examples:
access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.0.0 0.0.0.0
matches 10.0.0.0/16 - Only

access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.255.0 0.0.0.0
matches 10.0.0.0/24 - Only

access-list 100 permit ip 10.1.1.0 0.0.0.0 255.255.255.0 0.0.0.0
matches 10.1.1.0/24 - Only

access-list 100 permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0
matches 10.0.X.0/24 - Any number in the 3rd octet of the network with a
/24 subnet mask

access-list 100 permit ip 10.0.0.0 0.255.255.0 255.255.255.0 0.0.0.0
matches 10.X.X.0/24 - Any number in the 2nd & 3rd octet of the network
with a /24 subnet mask

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.240 0.0.0.0
matches 10.X.X.X/28 - Any number in the 2nd, 3rd & 4th octet of the
network with a /28 subnet mask

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.0 0.0.0.255
matches 10.X.X.X/24 to 10.X.X.X/32 - Any number in the 2nd, 3rd & 4th
octet of the network with a /24 to /32 subnet mask

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.128 0.0.0.127
matches 10.X.X.X/25 to 10.X.X.X/32 - Any number in the 2nd, 3rd & 4th
octet of the network with a /25 to /32 subnet mask

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) CCSI# 98640
brian@labforge.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
OhioHondo
Sent: Friday, March 14, 2003 1:48 PM
To: ccielab@groupstudy.com
Subject: Is There a Relationship Between Prefix List and ACL??

Everyone

Does this type of Extended ACL have a special name so I can look up
documentation on it??

access-list 101 permit ip 12.0.0.0 0.0.0.255 255.255.255.0 255.255.255.255

Second: I can see where the 12.0.0.0 0.0.0.255 can be the equivalent of
the 12.0.0.0/24 part of a prefix list. Do the 255.255.255.0 and the
255.255.255.255 have equivalents in prefix list designation? (i.e. one
is the ge and one is the le?)
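
The matching rule discussed in this thread, as an added example that is not part of either poster's message: a small Python matcher that checks a route against an extended-ACL entry, applying the first address/wildcard pair to the network and the second to the subnet mask. The function names are hypothetical, and it assumes only the "access-list N permit|deny ip ..." form shown in the thread.

```python
import ipaddress

ALL = 0xFFFFFFFF

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse 'access-list N permit ip NET NET_WC MASK MASK_WC' (form used in the thread)."""
    f = line.split()
    if len(f) != 8 or f[0] != "access-list" or f[3] != "ip":
        raise ValueError("unexpected ACL form: " + line)
    return (f[2],) + tuple(_u32(x) for x in f[4:8])

def entry_matches(entry, prefix):
    """True if a route such as '10.1.2.0/24' passes both address/wildcard pairs."""
    _action, net, net_wc, mask, mask_wc = entry
    route = ipaddress.IPv4Network(prefix, strict=True)
    addr, rmask = int(route.network_address), int(route.netmask)
    care_net = ~net_wc & ALL      # wildcard bit 0 = must match
    care_mask = ~mask_wc & ALL
    return ((addr & care_net) == (net & care_net)
            and (rmask & care_mask) == (mask & care_mask))

def matched_lengths(entry):
    """Prefix lengths whose (contiguous) subnet mask passes the mask pair."""
    _action, _net, _net_wc, mask, mask_wc = entry
    care = ~mask_wc & ALL
    lengths = []
    for plen in range(33):
        m = (ALL << (32 - plen)) & ALL
        if (m & care) == (mask & care):
            lengths.append(plen)
    return lengths

if __name__ == "__main__":
    # ACL lines copied from the thread; the test routes are constructed.
    acls = [
        "access-list 100 permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0",
        "access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.0 0.0.0.255",
        "access-list 101 permit ip 12.0.0.0 0.0.0.255 255.255.255.0 255.255.255.255",
    ]
    routes = ["10.0.7.0/24", "10.5.6.16/28", "12.0.0.0/8", "12.0.0.128/25"]
    for line in acls:
        e = parse_entry(line)
        hits = [r for r in routes if entry_matches(e, r)]
        print(line, "-> lengths", matched_lengths(e), "hits", hits)
```

A mask wildcard of 255.255.255.255 leaves the subnet mask unchecked, so the 12.0.0.0 entry also passes 12.0.0.0/8, which is worth checking before using such an entry as a route filter.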



This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:39 GMT-3