From: Kaiser Anwar (kaiseranwar@sbcglobal.net)
Date: Thu Jan 08 2004 - 22:50:19 GMT-3
Ok, what happens If it is something other then BGP. Because only BGP
understands Extended access list.
Thanks
----- Original Message -----
From: "Marvin Greenlee" <marvingreenlee@yahoo.com>
To: "Kaiser Anwar" <kaiseranwar@sbcglobal.net>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, January 08, 2004 7:45 PM
Subject: Re: classfull routes with an access list
>
>
> "...Filtering Using distribute-list with an Extended
> Access List
> Using a standard access list to filter supernets can
> be trickier. Assume Router 200 announces these
> networks: 10.10.1.0/24 through 10.10.31.0/24, and its
> aggregate, 10.10.0.0/19. Router 100 wishes to receive
> only the aggregate network, 10.10.0.0/19, and to
> filter out all specific networks.
>
> A standard access list, such as access-list 1 permit
> 10.10.0.0 0.0.31.255, will not work because it permits
> more networks than desired. The standard access list
> looks at the source IP address only and cannot check
> the length of the network mask. The access-list 1
> command above will permit 10.10.1.0/24, 10.10.2.0/24,
> and other specific networks.
>
> To permit only supernet 10.10.0.0/19, we use an
> extended access list, such as access-list 101 permit
> ip 10.10.0.0 0.0.0.0 255.255.224.0 0.0.0.0. The format
> of the extended access-list command is as follows:
>
> access-list <access-list-number> {deny|permit}
> protocol source source-wildcard mask mask-wildcard
> In our example, the source is 10.10.0.0 and the
> source-wildcard of 0.0.0.0 is configured for an exact
> match of source. A mask of 255.255.224.0, and a
> mask-wildcard of 0.0.0.0 is configured for an exact
> match of source mask. If any one of them(source or
> mask) does not have a exact match. Access-list denies
> it.
>
> This allows the extended access-list command to permit
> an exact match of source network number 10.10.0.0 with
> mask 255.255.224.0 (i.e., 10.10.0.0/19).
>
> access-list 101 permit ip 10.10.0.0 0.0.0.0
> 255.255.224.0 0.0.0.0"
> ....
>
> Reference - Cisco - BGP - How to block one or more
> networks from a BGP peer-
>
http://www.cisco.com/en/US/tech/tk365/tk80/technologies_tech_note09186a00801310cb.shtml
>
>
> Sincerely
> Marvin Greenlee, CCIE #12237
> Network Learning, Inc
>
> --- Kaiser Anwar <kaiseranwar@sbcglobal.net> wrote:
> > Hi,
> > I was wondering that would it be possible to permit
> > or block classfull routes
> > with access-list.I know it is done with prefix list.
> >
> > Thanks
> >
> >
> > Sincerely,
> > Kaiser Anwar
> > (847) 409-7261
> > CCNA, CCNP
> > CCSA, MCSE
> >
> >
> _______________________________________________________________________
> > Please help support GroupStudy by purchasing your
> > study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
> http://hotjobs.sweepstakes.yahoo.com/signingbonus
This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:38 GMT-3