From: Tim Fletcher (tim@fletchmail.net)
Date: Sat Mar 15 2003 - 13:28:13 GMT-3
When you're using extended access lists to filter routes, the 1st address and mask matches the network, the second matches the mask.
But there's a problem with your access list. I believe what you meant was:
access-list 101 permit ip 12.0.0.0 0.0.0.255 255.255.255.0 0.0.0.0
Which would match an IP address of 12.0.0.x with a mask of 255.255.255.0. If we change this a little bit:
access-list 101 permit ip 12.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
Would match IP address 12.0.0.x with a mask of 255.255.255.x, which would be the equivalent of ge 24 in a prefix list.
access-list 101 permit ip 12.0.0.0 0.0.0.255 0.0.0.0 255.255.255.0
Would match IP address 12.0.0.x with a mask of x.x.x.0, which would be the equivalent of le 24 in a prefix list. Now let's try something really ugly.
access-list 101 permit ip 12.0.0.0 0.0.0.255 255.255.192.0 0.0.63.128
The address part is the same, but let's take a look at the mask and the mask mask (no, that's not a typo :). Let's take a look at the binary.
255.255.192.0 = 11111111 11111111 11000000 00000000
0.0.63.128    = 00000000 00000000 00111111 10000000
                11111111 11111111 11xxxxxx x0000000
This would match masks from 255.255.192.0 (/18) to 255.255.255.128 (/25). So this would be the prefix list equivalent of ge 18 le 25.
Now aren't you glad they came out with prefix lists?
-Tim Fletcher
At 04:48 PM 3/14/03 -0500, OhioHondo wrote:
>Every One
>
>Does this type of Extended ACL have a special name so I can look up
>documentation on it??
>
>access-list 101 permit ip 12.0.0.0 0.0.0.255 255.255.255.0 255.255.255.255
>
>Second: I can see where the 12.0.0.0 0.0.0.255 can be the equivalent of the
>12.0.0.0/24 part of a prefix list. Do the 255.255.255.0 and the
>255.255.255.255 have equivalents in prefix list designation? (i.e. one is
>the ge and one is the le?)
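
Added example, not part of the original message: a Python check of the matching rule described in the reply, where a wildcard bit set to 1 means "don't care" and the second address/wildcard pair is compared against the route's netmask. The helper names are hypothetical, and only contiguous netmasks are enumerated.

```python
import ipaddress

# The four ACL entries from the message: address, address wildcard,
# mask, mask wildcard.
ACL_EXACT_24 = "12.0.0.0 0.0.0.255 255.255.255.0 0.0.0.0"
ACL_GE_24 = "12.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255"
ACL_LE_24 = "12.0.0.0 0.0.0.255 0.0.0.0 255.255.255.0"
ACL_18_TO_25 = "12.0.0.0 0.0.0.255 255.255.192.0 0.0.63.128"


def parse_acl(fields):
    """Split the four dotted-quad fields into 32-bit integers."""
    parts = fields.split()
    if len(parts) != 4:
        raise ValueError("expected: address wildcard mask wildcard")
    return tuple(int(ipaddress.IPv4Address(p)) for p in parts)


def wildcard_match(value, base, wildcard):
    """True when value equals base on every bit the wildcard leaves at 0."""
    care = ~wildcard & 0xFFFFFFFF
    return ((value ^ base) & care) == 0


def acl_matches_route(fields, prefix):
    """Apply the entry to one route, e.g. '12.0.0.128/25'."""
    addr, addr_wc, mask, mask_wc = parse_acl(fields)
    net = ipaddress.IPv4Network(prefix)
    return (wildcard_match(int(net.network_address), addr, addr_wc)
            and wildcard_match(int(net.netmask), mask, mask_wc))


def matching_prefix_lengths(fields):
    """Prefix lengths whose contiguous netmask passes the mask/wildcard pair."""
    _, _, mask, mask_wc = parse_acl(fields)
    lengths = []
    for plen in range(33):
        netmask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if wildcard_match(netmask, mask, mask_wc):
            lengths.append(plen)
    return lengths


if __name__ == "__main__":
    for acl in (ACL_EXACT_24, ACL_GE_24, ACL_LE_24, ACL_18_TO_25):
        print(acl, "->", matching_prefix_lengths(acl))
```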