From: Donny mateo Tandase (donnymateo@yahoo.com)
Date: Thu Sep 22 2005 - 00:42:38 GMT-3
Depends on the goal really.
The standard access-list will work functionaly. (permit 10.0.0.0 0.0.0.0 or never try this but should be ok permit host 10.0.0.0)
The extended acces-list will also work and would be "grammatically" more accurate.
ip access-list extended bla
permit 10.0.0.0 0.0.0.0 255.0.0.0 0.0.0.0
The first pair (source ip for normal ACL) determines the subnet ID and it's wildcard, while the second pair (destination ip for normal ACL) determine the subnet mask ID and it's wildcard.
Cheers,
Donny
Lee Donald <Lee.Donald@t-systems.co.uk> wrote:
Mat,
You don't need an extended access-list for that.
Access-list 1 permit 10.0.0.0 0.255.255.255
Regards
Lee.
-----Original Message-----
From: mathew [mailto:mathew@oztralia.com]
Sent: Wednesday, September 21, 2005 8:24 AM
To: ccielab@groupstudy.com
Subject: Prefix-list function using Extended ACL. How to do that?
Hi All,
Can someone let me know how to build a IP Extended access-list to
replace a prefix list - ip prefix-list PRIVATE-SUPER permit 10.0.0.0/8?
When I tried using the ACL - "access-list 112 permit ip host 10.0.0.0
host 255.0.0.0" to filter only 10.0.0.0/8, it did not work.
However, when I tried the ACL - "access-list 112 permit ip host 0.0.0.0
host 0.0.0.0" to filter only 0.0.0.0/0, it worked.
The reason is that there are many routers with ACL 112 and it is easy to
add the 10.0.0.0/8 with an same ACL.
Thanks for the replies.
mathew
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:16 GMT-3