Extended ACL with EIGRP

From: gladston@br.ibm.com
Date: Wed Aug 03 2005 - 10:34:07 GMT-3

Next message: john matijevic: "pix 7.0 with domain integration"
Previous message: Nishant Sharma \(IT\): "Can PIX 515 HA be used as MLS device"
Next in thread: Arun Arumuganainar: "Re: Extended ACL with EIGRP"
Maybe reply: Arun Arumuganainar: "Re: Extended ACL with EIGRP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Have you seem this behavior?
Distribute-list with an extended acl works, but only if the network is specified on the destination of the acl.

Rack2CAT1#b router ei
router eigrp 147
network 148.5.147.0 0.0.0.255
distribute-list 141 in

Rack2CAT1#sir ei
148.5.0.0/16 is variably subnetted, 34 subnets, 4 masks
D 148.5.214.8/29
[90/409600] via 148.5.147.14, 00:00:33, FastEthernet0/24

Rack2CAT1#i access-list 141
access-list 141 permit ip any host 148.5.214.8

Specifying it on the source does not work:

Rack2CAT1(config-router)#access-list 139 per ip h 148.5.214.8 a
Rack2CAT1(config)#router eigrp 147
Rack2CAT1(config-router)#distribute-list 139

Rack2CAT1(config-router)#do sir ei

Just as a test, using the BGP style also does not work;

Rack2CAT1(config-router)#access-list 140 per ip h 148.5.214.8 h 255.255.255.248
Rack2CAT1(config)#router eigrp 147
Rack2CAT1(config-router)#distribute-list 139

Rack2CAT1(config-router)#do sir ei

What do you think?
I am wondering if it is better to forget about it (no useful) and just use standard ACL with EIGRP/RIP/OSPF)

Next message: john matijevic: "pix 7.0 with domain integration"
Previous message: Nishant Sharma \(IT\): "Can PIX 515 HA be used as MLS device"
Next in thread: Arun Arumuganainar: "Re: Extended ACL with EIGRP"
Maybe reply: Arun Arumuganainar: "Re: Extended ACL with EIGRP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:18 GMT-3