RE: Extended ACL with distribute list

From: Brian Dennis (brian@labforge.com)
Date: Wed Jun 18 2003 - 00:11:49 GMT-3


In his example he is trying to allow the 172.16.0.0/22 summary so the
ACL would be:
access-list 100 permit ip 172.16.0.0 0.0.0.0 255.255.252.0 0.0.0.0
This ACL permits only 172.16.0.0 with a subnet mask of /22

His ACL is:
access-list 100 permit ip 172.16.0.0 0.0.3.255 255.255.252.0 0.0.0.0
This ACL permits 172.16.[0-3].[0-255] with a subnet mask of /22

They both will work but the bottom one is "sloppy".

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
SHARMA,MOHIT (HP-Germany,ex1)
Sent: Tuesday, June 17, 2003 2:01 PM
To: ccielab@groupstudy.com
Subject: Extended ACL with distribute list

Hi All,

Going through the Parkhurst BGP book, found an example for the ACL while
using BGP distribute list -
According to the book, to match the aggregate 172.16.0.0 255.255.252.0,
you use -

access-list 100 permit 172.16.0.0 0.0.3.255 255.255.252.0 0.0.0.0

Is this really right?

Can I also use -

access-list 100 permit 172.16.0.0 0.0.0.255 255.255.252.0 0.0.0.0

Why do I need a 0.0.3.255 and not a complete 0.0.0.0 to match the
network??

Also will these work as well-

access-list 100 permit host 172.16.0.0 host 255.255.252.0

or

prefix-list seq 5 permit 172.16.0.0/22.

Please do help.

Thanks as always.

Smiles,

Mohit.

Mohit Sharma
Network Operations Engineer
HP Operations
email: mohit_sharma@hp.com
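
Added example, not part of the original thread: a small Python model of how an extended ACL is evaluated when used as a BGP distribute list, with the source address/wildcard pair compared against the route's network address and the destination pair compared against its mask, as the reply describes. The route list and all function names are constructed for illustration; the model assumes contiguous wildcards.

```python
import ipaddress

def u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(value, base, wildcard):
    # IOS wildcard: a 1 bit means "ignore this bit", a 0 bit means "must match".
    care = ~u32(wildcard) & 0xFFFFFFFF
    return (u32(value) & care) == (u32(base) & care)

def acl_permits(acl, prefix):
    # acl = (network, network wildcard, mask, mask wildcard)
    net = ipaddress.ip_network(prefix)  # strict: rejects prefixes with host bits set
    return (wildcard_match(str(net.network_address), acl[0], acl[1])
            and wildcard_match(str(net.netmask), acl[2], acl[3]))

def valid_networks_matched(acl):
    # Addresses accepted by the source half that are also legal network
    # addresses for the ACL's exact mask (no host bits set).
    mask = u32(acl[2])
    lo = u32(acl[0]) & ~u32(acl[1]) & 0xFFFFFFFF
    hi = lo | u32(acl[1])
    return [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)
            if a & mask == a
            and wildcard_match(str(ipaddress.IPv4Address(a)), acl[0], acl[1])]

# The two ACLs from the reply.
EXACT = ("172.16.0.0", "0.0.0.0", "255.255.252.0", "0.0.0.0")
BOOK = ("172.16.0.0", "0.0.3.255", "255.255.252.0", "0.0.0.0")

# Constructed sample routes.
ROUTES = ["172.16.0.0/22", "172.16.0.0/24", "172.16.1.0/24",
          "172.16.2.0/23", "172.16.0.0/16", "172.16.4.0/22"]

def permitted(acl, routes=ROUTES):
    return [r for r in routes if acl_permits(acl, r)]

if __name__ == "__main__":
    for name, acl in (("exact", EXACT), ("book", BOOK)):
        print(name, permitted(acl), valid_networks_matched(acl))
```

Both ACLs permit only 172.16.0.0/22: the 0.0.3.255 wildcard accepts 1024 network-address values, but the mask must still be exactly 255.255.252.0 and only 172.16.0.0 is a legal network address for that mask.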



This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:59 GMT-3