From: Peter (peter@cyscoexpert.com)
Date: Mon Mar 17 2003 - 11:55:49 GMT-3
Extended ACLs are used in BGP for filtering prefixes. They take on a special
meaning there, where the source IP address portion becomes the prefix (network
address) and the destination IP address portion becomes the mask.
So you get:
access-list 100 permit ip network wildcard mask wildcard
Your example:
access-list 100 permit ip host 10.10.10.0 host 255.255.255.0
means allow prefix exactly 10.10.10.0/24 (since keyword "host" was used
which is wildcard 0.0.0.0 - exact match)
Let's say you wanted to allow prefixes with 10 in the first octet (anything
in the second or third) and any mask between /8 and /24:
access-list 100 permit ip 10.0.0.0 0.255.255.0 255.0.0.0 0.255.255.0
_____________________________
Peter
#7247 (R&S, Security)
CyscoExpert Corp.
4433 W. Touhy Ave. Suite 410
Lincolnwood, IL 60712
Phone (847) 674-3392
Toll Free (866) CyscoXP (297-2697)
Fax (847) 674-2625
----- Original Message -----
From: "Fan Shan" <shanf@public.jn.sd.cn>
To: <ccielab@groupstudy.com>
Sent: Monday, March 17, 2003 5:46 AM
Subject: What is the extended access list used for in BGP?
> I remember having seen before an extended access list used in BGP, like
> access-list 100 permit ip host 10.10.10.0 host 255.255.255.0
> What is it used for? I can't remember it. Who will tell me?
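
The matching rule described in the reply above, as an added Python example that is not part of the original thread: it evaluates a prefix against an extended ACL entry by testing the "source" pair against the network address and the "destination" pair against the netmask. The function names (wild_match, parse_entry, filter_prefix) and the sample prefixes are assumptions made for illustration, and the "any" keyword is not handled.

```python
import ipaddress

def wild_match(value, base, wildcard):
    """Cisco wildcard compare: bits set to 1 in the wildcard are ignored."""
    care = ~int(wildcard) & 0xFFFFFFFF
    return (int(value) & care) == (int(base) & care)

def parse_entry(line):
    """Parse 'access-list N <action> ip <src> <dst>'; src/dst are either
    'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' (the 'any' keyword is not handled)."""
    tok = line.split()
    action, rest = tok[2], tok[4:]
    pairs = []
    while rest:
        if rest[0] == "host":            # host == wildcard 0.0.0.0
            addr, wc = rest[1], "0.0.0.0"
        else:
            addr, wc = rest[0], rest[1]
        pairs.append((ipaddress.IPv4Address(addr), ipaddress.IPv4Address(wc)))
        rest = rest[2:]
    (net, net_wc), (mask, mask_wc) = pairs
    return action, net, net_wc, mask, mask_wc

def filter_prefix(acl_lines, prefix):
    """Return 'permit' or 'deny' for a prefix; no match means implicit deny."""
    p = ipaddress.IPv4Network(prefix)
    for line in acl_lines:
        action, net, net_wc, mask, mask_wc = parse_entry(line)
        # "source" pair is tested against the network address,
        # "destination" pair against the netmask of the advertised prefix.
        if (wild_match(p.network_address, net, net_wc)
                and wild_match(p.netmask, mask, mask_wc)):
            return action
    return "deny"

# The two entries from the message above.
EXACT = ["access-list 100 permit ip host 10.10.10.0 host 255.255.255.0"]
RANGE = ["access-list 100 permit ip 10.0.0.0 0.255.255.0 255.0.0.0 0.255.255.0"]

if __name__ == "__main__":
    # Constructed sample prefixes, not taken from the original thread.
    for pfx in ("10.10.10.0/24", "10.10.10.0/25", "10.0.0.0/8",
                "10.20.0.0/16", "10.20.30.128/25", "11.0.0.0/8"):
        print(f"{pfx:18} exact={filter_prefix(EXACT, pfx):6} "
              f"range={filter_prefix(RANGE, pfx)}")
```

Running candidate filter entries through a check like this before applying them shows which prefix lengths an entry really admits, for instance that the second entry rejects a /25 even when its first octet is 10.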
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:41 GMT-3