From: Joe Chang (changjoe@earthlink.net)
Date: Mon Apr 07 2003 - 16:00:06 GMT-3
I think "host 255.255.0.0" is just shorthand for "255.255.0.0 0.0.0.0".
BGP specific route-maps cannot match with a prefix-list, which makes the use
of extended ACLs necessary.
----- Original Message -----
From: "Jason Wydra" <jasonwydra@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Monday, April 07, 2003 2:55 PM
Subject: IP EXTENDED ACCESS-LIST USAGE IN BGP
> I don't quite understand the logic of this access list.
>
> access-list access-list-number permit ip network-number
network-do-not-care-bits mask mask-do-not-care-bits
>
> If you want to filter on 172.16.0.0 only you would do this (according to
Halabi page 314):
>
> access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
>
> Another example would be if you wanted to pass an aggregate-address with
the more specifics to one AS but only pass the summary to anything beyond.
The Halabi book (p. 348) shows this for of the access list using the summary
172.16.0.0/16.
>
> access-list 101 permit ip 172.16.0.0 0.0.255.255 host 255.255.0.0
>
> Can someone explain the logic behind these access lists and also the
difference in using "host" statements within. Also, could you use a
prefix-list to accomplish the same with less confusion and complexity?
>
> Thanks,
>
> Jason Wydra
>
>
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Tax Center - File online, calculators, forms, and more
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:48 GMT-3