From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Thu May 12 2005 - 15:37:29 GMT-3
Tim,
You like that question? Brian McGahan thought I was being mean
when I wrote it ;-)
I've answered this before in regards to using extended ACLs for
filtering with IGP protocols. Search the archives. But yes it does
work for other IGPs and is not documented. It has a lot of real world
uses.
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Thursday, May 12, 2005 11:24 AM
To: Group Study
Subject: new ACL usage ???
Hi guys,
Here's the scenario:
rtr-1 rtr-2 (rtr-3 to be added in the future)
|---------------------|--------------|
192.10.1.x/24 .253
Requirement: RTR-1 should only accept route 222.22.2.0 from this new
router
at ip addr 192.10.1.253/24 and not from rtr-2.
The Solution is below.
What stands out about this is the first acl entry. I've never seen an
acl
used this way. Is this documented anywhere on the Doc-CD?
Will this type of filtering work for other IGP's?
TIA, Tim
rtr-2
int e0
ip addr 192.10.1.2 255.255.255.0
rtr-1
int e0
ip addr 192.10.1.1 255.255.255.0
router rip
distribute-list 100 in Ethernet0/0
!
access-list 100 permit ip host 192.10.1.253 host 222.22.2.0
access-list 100 deny ip any host 222.22.2.0
access-list 100 permit ip any any
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3