Re: Extended ACL Filtering in RIP- Distribute-list

From: The Great Ryan (pv.ryan@gmail.com)
Date: Tue Oct 25 2005 - 14:18:38 GMT-3

Yes,

When I tried to get help page from distribute-list, it shows that
access-list is <1-199>

SW1(config-router)#distribute-list ?
  <1-199> IP access list number
  <1300-2699> IP expanded access list number
  WORD Access-list name
  gateway Filtering incoming updates based on gateway
  prefix Filter prefixes in routing updates

SW1(config-router)#distribute-list

But can you show me which field represent neighbor address ?
access-list 101 permit ip <A> <B> <C> <D>

I found that it is funny to replace prefix-list by Extended ACL.
However, I can't find any document related to the use of Extend ACL in
distribute-list , redistribution......

Regards,
Ryan

2005/10/26, Brian McGahan <bmcgahan@internetworkexpert.com>:
> Extended access-lists *are* supported through distribute-list application. This is the legacy implementation that has been replaced by the "distribute-list prefix" option. Using an extended ACL in this case is used to match on the prefix (route) and who it is coming from (neighbor address). It is not used in place of a prefix-list like in BGP to match on prefix and prefix-length. In other words you can use the extended access-list to say I want to accept the route 1.2.3.0, but only from neighbor 5.6.7.8.
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Arun Arumuganainar
> > Sent: Tuesday, October 25, 2005 10:52 AM
> > To: The Great Ryan; Javier Tomi
> > Cc: Cisco certification
> > Subject: Re: Extended ACL Filtering in RIP- Distribute-list
> >
> > It seems that distribute list in RIP , EIGRP or IGRP supports only
> > standard
> > access list .
> >
> > Extended Access lists are not supported .Pls. refer to command reference
> > for
> > details .
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip
> > _r
> > /iprprt2/1rdrip.htm#wp1025120
> >
> > Thanks and Regards
> > Arun
> > ----- Original Message -----
> > From: "The Great Ryan" <pv.ryan@gmail.com>
> > To: "Javier Tomi" <fjtm@tid.es>
> > Cc: "Cisco certification" <ccielab@groupstudy.com>
> > Sent: Tuesday, October 25, 2005 12:50 PM
> > Subject: Re: Extended ACL Filtering in RIP- Distribute-list
> >
> >
> > > I tried to use it in redistribute between EIGRP and OSPF. it work fine.
> > > but fail to apply on RIP.
> > > I guess Extended ACL is not fully supported in 12.2T.
> > >
> > > Just want to confirm. Thanks !
> > >
> > >
> > >
> > > Ryan
> > >
> > >
> > > 2005/10/25, Javier Tomi <fjtm@tid.es>:
> > > > As far as I know that only stands for BGP, but I have never test it on
> > > > other routing protocols...
> > > >
> > > >
> > > >
> > > > The Great Ryan wrote:
> > > >
> > > > >Hi Group,
> > > > >
> > > > >I create a distribute-list test in rip using ACL and want to allow
> > > > >only Even route into my router. I can do it sucessfully by using
> > > > >Standard ACL. I heard from this group that Extended ACL is better
> > > > >because it also checks with netmask. However, I can't get any route
> > > > >after using Extended ACL. Anything wrong ? My ACLs are as follows:
> > > > >
> > > > >access-list 1 permit 172.16.0.0 0.0.254.0
> > > > >access-list 101 permit ip 172.16.0.0 0.0.254.0 255.255.255.0 0.0.0.0
> > > > >
> > > > >
> > > > >Incoming RIP routes
> > > > >==================
> > > > >00:47:53: 172.16.0.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.1.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.2.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.3.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.4.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.5.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.6.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.7.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.8.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.9.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.10.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.11.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.12.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.13.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.14.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.15.0/24 via 0.0.0.0 in 1 hops
> > > > >00:47:53: 172.16.16.0/24 via 0.0.0.0 in 1 hops
> > > > >
> > > > >
> > > > >
> > > > >Ryan
> > > > >
> > > >
> > >_______________________________________________________________________
> > > > >Subscription information may be found at:
> > > > >http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:53 GMT-3