RE: Extended ACL Filtering in RIP- Distribute-list

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Oct 25 2005 - 14:11:02 GMT-3

• Next message: Scott Morris: "RE: Question about ip wccp"
• Previous message: Victor Cappuccio: "Understanding VTP Modes / Messages"
• Maybe in reply to: The Great Ryan: "Extended ACL Filtering in RIP- Distribute-list"
• Next in thread: The Great Ryan: "Re: Extended ACL Filtering in RIP- Distribute-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

        Extended access-lists *are* supported through distribute-list application. This is the legacy implementation that has been replaced by the "distribute-list prefix" option. Using an extended ACL in this case is used to match on the prefix (route) and who it is coming from (neighbor address). It is not used in place of a prefix-list like in BGP to match on prefix and prefix-length. In other words you can use the extended access-list to say I want to accept the route 1.2.3.0, but only from neighbor 5.6.7.8.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Arun Arumuganainar
> Sent: Tuesday, October 25, 2005 10:52 AM
> To: The Great Ryan; Javier Tomi
> Cc: Cisco certification
> Subject: Re: Extended ACL Filtering in RIP- Distribute-list
>
> It seems that distribute list in RIP , EIGRP or IGRP supports only
> standard
> access list .
>
> Extended Access lists are not supported .Pls. refer to command reference
> for
> details .
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip
> _r
> /iprprt2/1rdrip.htm#wp1025120
>
> Thanks and Regards
> Arun
> ----- Original Message -----
> From: "The Great Ryan" <pv.ryan@gmail.com>
> To: "Javier Tomi" <fjtm@tid.es>
> Cc: "Cisco certification" <ccielab@groupstudy.com>
> Sent: Tuesday, October 25, 2005 12:50 PM
> Subject: Re: Extended ACL Filtering in RIP- Distribute-list
>
>
> > I tried to use it in redistribute between EIGRP and OSPF. it work fine.
> > but fail to apply on RIP.
> > I guess Extended ACL is not fully supported in 12.2T.
> >
> > Just want to confirm. Thanks !
> >
> >
> >
> > Ryan
> >
> >
> > 2005/10/25, Javier Tomi <fjtm@tid.es>:
> > > As far as I know that only stands for BGP, but I have never test it on
> > > other routing protocols...
> > >
> > >
> > >
> > > The Great Ryan wrote:
> > >
> > > >Hi Group,
> > > >
> > > >I create a distribute-list test in rip using ACL and want to allow
> > > >only Even route into my router. I can do it sucessfully by using
> > > >Standard ACL. I heard from this group that Extended ACL is better
> > > >because it also checks with netmask. However, I can't get any route
> > > >after using Extended ACL. Anything wrong ? My ACLs are as follows:
> > > >
> > > >access-list 1 permit 172.16.0.0 0.0.254.0
> > > >access-list 101 permit ip 172.16.0.0 0.0.254.0 255.255.255.0 0.0.0.0
> > > >
> > > >
> > > >Incoming RIP routes
> > > >==================
> > > >00:47:53: 172.16.0.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.1.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.2.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.3.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.4.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.5.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.6.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.7.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.8.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.9.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.10.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.11.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.12.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.13.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.14.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.15.0/24 via 0.0.0.0 in 1 hops
> > > >00:47:53: 172.16.16.0/24 via 0.0.0.0 in 1 hops
> > > >
> > > >
> > > >
> > > >Ryan
> > > >
> > >
> >_______________________________________________________________________
> > > >Subscription information may be found at:
> > > >http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: Question about ip wccp"
• Previous message: Victor Cappuccio: "Understanding VTP Modes / Messages"
• Maybe in reply to: The Great Ryan: "Extended ACL Filtering in RIP- Distribute-list"
• Next in thread: The Great Ryan: "Re: Extended ACL Filtering in RIP- Distribute-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:53 GMT-3