Re: access-list clarification

From: Bob Sinclair (bsin@cox.net)
Date: Sun Oct 10 2004 - 12:49:23 GMT-3


Mani,

access-list 101 deny ip host 150.150.0.0 host 255.255.0.0
allows an exact match on the /16 mask length. The difference is that
access-list 10 deny 150.150.0.0 0.0.255.255 also denies 150.150.0.0 /20,
/24, /28, /30, etcetera. You can use the extended access-list syntax to
mimic the prefix-list mask-length matching capability.

For example:

ip prefix-list 1 deny 150.150.0.0/16 ge 16 le 24

matches on all /16 thru /24 subnets of 150.150.0.0. This could be done with
an extended access-list as follows:

access-list 101 permit ip 150.150.0.0 0.0.255.255 255.255.0.0 0.0.255.0

Here is a brief discussion in the Cisco docs:
http://www.cisco.com/warp/public/459/22.html#acclists

The best discussion I have seen is in Randy Zhang's book "BGP Design and
Implementation"

HTH

Bob Sinclair
CCIE #10427, CISSP, MCSE
www.netmasterclass.net

----- Original Message -----
From: "mani poopal" <mani_ccie@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, October 10, 2004 10:35 AM
Subject: access-list clarification

> Hi Guys,
>
> To deny 150.150.0.0/16 network with access list, I would use
> (A.) access-list 10 deny 150.150.0.0 0.0.255.255 (standard acl). Guys I need
> exact clarification about "B" statement given below.
>
> (B.) access-list 101 deny ip host 150.150.0.0 host 255.255.0.0 (extended
> acl). Does the last "host 255.255.0.0" keyword indicate "any"? Can we
> replace host 255.255.0.0 with "any" keyword? What is the difference
> between access-list statement A and B? I found the above access-list in a
> sample configuration. Any suggestion is appreciated.
>
> thanks
>
> Mani
>
>
> B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> (416)431 9929
> MANI_CCIE@YAHOO.COM
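The matching behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of how a route filter evaluates the standard ACL, the "host ... host ..." extended ACL, the extended ACL with source 150.150.0.0 0.0.255.255 and destination 255.255.0.0 0.0.255.0, and the prefix-list. It assumes the route-filtering interpretation in which the source fields test the network address and the destination fields test the mask; the function names and the route list are constructed for illustration.

```python
import ipaddress

def _bits(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(value, base, wildcard):
    """IOS wildcard test: bits set in the wildcard are ignored."""
    care = ~_bits(wildcard) & 0xFFFFFFFF
    return (_bits(value) & care) == (_bits(base) & care)

def standard_acl(route, base, wc):
    """Standard ACL as a route filter: only the network address is tested."""
    net = ipaddress.IPv4Network(route)
    return wildcard_match(str(net.network_address), base, wc)

def extended_acl(route, src, src_wc, dst, dst_wc):
    """Extended ACL as a route filter (assumed model): the source pair
    tests the network address, the destination pair tests the mask."""
    net = ipaddress.IPv4Network(route)
    return (wildcard_match(str(net.network_address), src, src_wc)
            and wildcard_match(str(net.netmask), dst, dst_wc))

def prefix_list(route, entry, ge, le):
    """Prefix-list entry: route lies inside the entry and ge <= length <= le."""
    net, ent = ipaddress.IPv4Network(route), ipaddress.IPv4Network(entry)
    return net.subnet_of(ent) and ge <= net.prefixlen <= le

# Constructed sample routes, not taken from the thread.
ROUTES = ["150.150.0.0/16", "150.150.0.0/20", "150.150.16.0/20",
          "150.150.1.0/24", "150.150.0.0/28", "151.150.0.0/16"]

def evaluate(routes=ROUTES):
    """Return, per route, which of the four filters match it."""
    return {r: {
        # access-list 10 ... 150.150.0.0 0.0.255.255
        "acl10": standard_acl(r, "150.150.0.0", "0.0.255.255"),
        # access-list 101 ... host 150.150.0.0 host 255.255.0.0
        "acl_host": extended_acl(r, "150.150.0.0", "0.0.0.0",
                                 "255.255.0.0", "0.0.0.0"),
        # access-list 101 ... 150.150.0.0 0.0.255.255 255.255.0.0 0.0.255.0
        "acl_range": extended_acl(r, "150.150.0.0", "0.0.255.255",
                                  "255.255.0.0", "0.0.255.0"),
        # ip prefix-list 1 ... 150.150.0.0/16 ge 16 le 24
        "prefix_list": prefix_list(r, "150.150.0.0/16", 16, 24),
    } for r in routes}

if __name__ == "__main__":
    for route, hits in evaluate().items():
        print(f"{route:18}", " ".join(f"{k}={v!s:5}" for k, v in hits.items()))
```

The wildcard form can also match non-contiguous masks, which the prefix-list cannot express; for routes with ordinary contiguous masks the two filters select the same set.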



This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:46 GMT-3