RE: Prefix-list

From: none (alsontra@hotmail.com)
Date: Sat Nov 13 2004 - 15:29:18 GMT-3

• Next message: Richard Dumoulin: "RE : Internetwork Expert and VaporWare"
• Previous message: Xy: "Re: Deleting Vlan and VTP info"
• Maybe in reply to: Bob Smith: "Prefix-list"
• Next in thread: ccie2be: "Re: Prefix-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I cannot remember when, but someone once said that using access-lists in
this way pre-dates prefix-list. Meaning this was how you matched both a
prefix(s) and its mask before some ultra savvy Cisco engineer invented or
introduced the IOS to prefix-list.

As to how IOS knows when you're matching a mask as apposed to a
destination??? I think it just depends on usage. Perhaps one of the list
elders can shed some light on the topic.... :-)

Brian?Brian?Sccott?Howard??Paul?

Alsontra

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Saturday, November 13, 2004 10:29 AM
To: none; 'Bob Smith'; ccielab@groupstudy.com
Subject: Re: Prefix-list

Hi Alsontra,

I've known about this for a while, but I never understood one thing. Maybe
you can clear this up.

Consider the first example,

access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.0.0 0.0.0.0

How does IOS know that the "255.255.0.0 0.0.0.0" portion should be
interpreted as

 <subnet mask> <wildcard mask of subnet mask>

instead of as

<destination prefix> <prefix mask>

Granted, there aren't subnet destinations that begin with 255 since that's
reserved for broadcast, but remember that number could be any number instead
of 255.

Any insight would be greatly appreciated.

TIA, Tim

----- Original Message -----
From: "none" <alsontra@hotmail.com>
To: "'Bob Smith'" <ccnet101@nmccentral.com>; <ccielab@groupstudy.com>
Sent: Saturday, November 13, 2004 10:53 AM
Subject: RE: Prefix-list

> Try using an extended access-list - I've also attached a previous post
from
> Brian Dennis. If you can't figure it out I'll explain, but working this
out
> for your self will do you good. Trust me.
>
> <snip>
> Here is the syntax:
> access-list <ACL #> permit ip <network> <wildcard mask of network> <subnet
> mask> <wildcard mask of subnet mask>
>
> Here are some examples:
> access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.0.0 0.0.0.0 Matches
> 10.0.0.0/16 - Only
>
> access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.255.0 0.0.0.0 Matches
> 10.0.0.0/24 - Only
>
> access-list 100 permit ip 10.1.1.0 0.0.0.0 255.255.255.0 0.0.0.0 Matches
> 10.1.1.0/24 - Only
>
> access-list 100 permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0 Matches
> 10.0.X.0/24 - Any number in the 3rd octet of the network with a
> /24 subnet mask.
>
> access-list 100 permit ip 10.0.0.0 0.255.255.0 255.255.255.0 0.0.0.0
Matches
> 10.X.X.0/24 - Any number in the 2nd & 3rd octet of the network with a /24
> subnet mask.
>
> access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.240 0.0.0.0
> Matches 10.X.X.X/28 - Any number in the 2nd, 3rd & 4th octet of the
network
> with a /28 subnet mask.
>
> access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.0 0.0.0.255
> Matches 10.X.X.X/24 to 10.X.X.X/32 - Any number in the 2nd, 3rd & 4th
octet
> of the network with a /24 to /32 subnet mask.
>
> access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.128
> 0.0.0.127
> Matches 10.X.X.X/25 to 10.X.X.X/32 - Any number in the 2nd, 3rd & 4th
octet
> of the network with a /25 to /32 subnet mask
>
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> bdennis@internetworkexpert.com Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
> </snip>
>
> HTH
> Alsontra
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bob
> Smith
> Sent: Saturday, November 13, 2004 3:11 AM
> To: ccielab@groupstudy.com
> Subject: Prefix-list
>
> say if i have 5 routes:
>
> 192.168.1.0/24
> 192.168.2.0/24
> 192.168.3.0/24
> 192.168.4.0/24
> 192.168.5.0/24
>
> With a prefix-list, is there anyway to permit say only subnet 3 and 4 with
> one line?
> Or with a access-list?
>
> If so, can you put the solution in steps and break it out in binary, i
have
> spent so many hours and reading so many posts, but they seem to be
> contradicting themselves...just don't know how it can be done....please
help
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Richard Dumoulin: "RE : Internetwork Expert and VaporWare"
• Previous message: Xy: "Re: Deleting Vlan and VTP info"
• Maybe in reply to: Bob Smith: "Prefix-list"
• Next in thread: ccie2be: "Re: Prefix-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:43 GMT-3