From: OhioHondo (ohiohondo@columbus.rr.com)
Date: Wed Apr 30 2003 - 22:00:47 GMT-3
I'm going to take a stab at this.
In BGP you do prefix lists.
In OSPF and EIGRP a normal ACL can filter about anything.
What is an example of something you want to filter in OSPF or EIGRP that
can't be handled by a normal ACL???
I may be way off base.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Blanco Lam
Sent: Wednesday, April 30, 2003 5:28 PM
To: Brian McGahan
Cc: ccielab@groupstudy.com
Subject: RE: complex prefix-list and extended ACL scenario
Brian,
I've tested the ACL with BGP and it worked. However, when I tried
it with EIGRP or OSPF, it failed (i.e. blocked all routes).
Any ideas?
Regards,
Blanco
---- Original message ----
>Date: Tue, 29 Apr 2003 16:56:17 -0500
>From: "Brian McGahan" <brian@cyscoexpert.com>
>Subject: RE: complex prefix-list and extended ACL scenario
>To: "'Blanco Lam'" <b@gclamb.com>, <ccielab@groupstudy.com>
>
>Blanco,
>
> This is the situation which OhioHondo mentioned. An extended
>access-list can be used to check on both the network and mask of a
>prefix. The syntax is as follows:
>
>Access-list 100 permit ip [network] [network_wildcard] [subnet_mask]
>[subnet_mask_wildcard]
>
> Therefore, the syntax for "Allow 10.1.x.0 networks *AND* only
>networks with mask /25 (where x is an odd number)" would be:
>
>Access-list 100 permit ip 10.1.1.0 0.0.254.255 host 255.255.255.128
>
> Furthermore, since your network address would always end in
>either .0 or .128, the following list would be even more accurate:
>
>Access-list 100 permit ip 10.1.1.0 0.0.254.128 host 255.255.255.128
>
>However, the first list would still suffice.
>
>
>HTH
>
>Brian McGahan, CCIE #8593
>Director of Design and Implementation
>brian@cyscoexpert.com
>
>CyscoExpert Corporation
>Internetwork Consulting & Training
>Toll Free: 866.CyscoXP
>Fax: 847.674.2625
>
>
>> -----Original Message-----
>> From: Blanco Lam [mailto:b@gclamb.com]
>> Sent: Monday, April 28, 2003 5:27 PM
>> To: brian@cyscoexpert.com
>> Subject: complex prefix-list and extended ACL scenario
>>
>> Hi Brian,
>>
>> I know there's been a thread going on about extended ACL and prefix-list.
>> I've also read about a post you've made some time ago with regards to
>> prefix-list.
>>
>> However, I've been having trouble getting the following to work:
>>
>> Sample scenario - I'm receiving the following routes from an EIGRP
>> neighbour:
>>
>> 10.1.1.0/24
>> 10.1.1.0/25
>> 10.1.3.0/25
>> 10.1.3.0/26
>>
>> Requirement: Allow 10.1.x.0 networks *AND* only networks with mask /25
>> (where x is an odd number)
>>
>> From what I understand, prefix-list cannot check on whether an octet is
>> odd or even and therefore only a standard/extended ACL can do that. But a
>> standard/extended ACL cannot check on mask.
>>
>> Thanks,
>>
>> Blanco
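
An added example, not written by anyone in the thread: a Python model of the matching described in the quoted reply, where the first address/wildcard pair is compared with the route's network address and the second pair with its subnet mask. The function names are hypothetical, and the route list holds the four prefixes from the scenario plus three constructed ones.

```python
import ipaddress

# Entries as (network, network_wildcard, mask, mask_wildcard).
# "host 255.255.255.128" is shorthand for "255.255.255.128 0.0.0.0".
ACL_FIRST = ("10.1.1.0", "0.0.254.255", "255.255.255.128", "0.0.0.0")
ACL_SECOND = ("10.1.1.0", "0.0.254.128", "255.255.255.128", "0.0.0.0")

# First four prefixes come from the scenario in the thread; the last three are
# constructed to cover an even third octet, a .128 subnet and a wrong second octet.
ROUTES = [
    "10.1.1.0/24", "10.1.1.0/25", "10.1.3.0/25", "10.1.3.0/26",
    "10.1.2.0/25", "10.1.1.128/25", "10.2.1.0/25",
]


def _bits(addr):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(value, base, wildcard):
    """Wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~_bits(wildcard) & 0xFFFFFFFF
    return (value & care) == (_bits(base) & care)


def entry_permits(prefix, entry):
    """True when both the network address and the mask of the route match."""
    net, net_wc, mask, mask_wc = entry
    route = ipaddress.IPv4Network(prefix, strict=True)
    return (wildcard_match(int(route.network_address), net, net_wc)
            and wildcard_match(int(route.netmask), mask, mask_wc))


def filter_routes(routes, entry):
    """Routes permitted by a single-entry list; everything else hits the implicit deny."""
    return [r for r in routes if entry_permits(r, entry)]


if __name__ == "__main__":
    for name, acl in (("first", ACL_FIRST), ("second", ACL_SECOND)):
        print(name, filter_routes(ROUTES, acl))
```

Both entries permit the same set because a valid /25 network address can only end in .0 or .128, which is why the looser 0.0.254.255 wildcard still suffices.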