RE: What is the extended access list used for in BGP?

From: Brian Dennis (brian@labforge.com)
Date: Mon Mar 17 2003 - 12:40:28 GMT-3

• Next message: Brown, Patrick (NSOC-OCF}: "RE: GRE Tunnel with IPSec encapsulation!"
• Previous message: Jung, Jin: "Cisco User Registration Tool, -- anyone using it,"
• Maybe in reply to: Fan Shan: "What is the extended access list used for in BGP?"
• Next in thread: Peter: "Re: What is the extended access list used for in BGP?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Here what I posted Friday about the same type of question relating to
extended ACLs.

The syntax for using an extended ACL for filtering routes is:
access-list <ACL #> permit ip <network> <wildcard mask of network>
<subnet mask> <wildcard mask of subnet mask>

Here are some examples:
access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.0.0 0.0.0.0 matches
10.0.0.0/16 - Only

access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.255.0 0.0.0.0 matches
10.0.0.0/24 - Only

access-list 100 permit ip 10.1.1.0 0.0.0.0 255.255.255.0 0.0.0.0 matches
10.1.1.0/24 - Only

access-list 100 permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0
matches 10.0.X.0/24 - Any number in the 3rd octet of the network with a
/24 subnet mask

access-list 100 permit ip 10.0.0.0 0.255.255.0 255.255.255.0 0.0.0.0
matches 10.X.X.0/24 - Any number in the 2nd & 3rd octet of the network
with a /24 subnet mask

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.240 0.0.0.0
matches 10.X.X.X/28 - Any number in the 2nd, 3rd & 4th octet of the
network with a /28 subnet mask

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.0 0.0.0.255
matches 10.X.X.X/24 to 10.X.X.X/32 - Any number in the 2nd, 3rd & 4th
octet of the network with a /24 to /32 subnet mask

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.128
0.0.0.127 matches 10.X.X.X/25 to 10.X.X.X/32 - Any number in the 2nd,
3rd & 4th octet of the network with a /25 to /32 subnet mask

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) CCSI# 98640
brian@labforge.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Fan Shan
Sent: Monday, March 17, 2003 3:46 AM
To: ccielab@groupstudy.com
Subject: What is the extended access list used for in BGP?

I remembered had seen before an extended access list is used in BGP,
like
access-list 100 permit ip host 10.10.10.0 host 255.255.255.0
What is it used for? I can't remember it,who will tell me ?

• Next message: Brown, Patrick (NSOC-OCF}: "RE: GRE Tunnel with IPSec encapsulation!"
• Previous message: Jung, Jin: "Cisco User Registration Tool, -- anyone using it,"
• Maybe in reply to: Fan Shan: "What is the extended access list used for in BGP?"
• Next in thread: Peter: "Re: What is the extended access list used for in BGP?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:41 GMT-3