RE: Extended ACL Filtering in RIP- Distribute-list

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Oct 25 2005 - 14:34:02 GMT-3


The first address is the router it's coming from, the second address is the
route:

R1#show ip int brief | ex unassign
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            123.0.0.1       YES manual up                    up
Loopback0                  10.0.0.1        YES manual up                    up
Loopback1                  20.0.0.2        YES manual up                    up

R1#show run | b router rip
router rip
 version 2
 network 10.0.0.0
 network 20.0.0.0
 network 123.0.0.0

R2#show ip int brief | ex unassign
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            123.0.0.2       YES manual up                    up
Loopback0                  10.0.0.1        YES manual up                    up
Loopback1                  20.0.0.2        YES manual up                    up

R2#sh run | b router rip
router rip
 version 2
 network 10.0.0.0
 network 20.0.0.0
 network 123.0.0.0

R3#show ip route rip
R    20.0.0.0/8 [120/1] via 123.0.0.2, 00:00:00, Ethernet0/0
                [120/1] via 123.0.0.1, 00:00:00, Ethernet0/0
R    10.0.0.0/8 [120/1] via 123.0.0.2, 00:00:00, Ethernet0/0
                [120/1] via 123.0.0.1, 00:00:00, Ethernet0/0

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#access-list 100 permit ip host 123.0.0.1 host 10.0.0.0
R3(config)#access-list 100 permit ip host 123.0.0.2 host 20.0.0.0
R3(config)#router rip
R3(config-router)#distribute-list 100 in e0/0
R3(config-router)#end

R3#show ip route rip
R    20.0.0.0/8 [120/1] via 123.0.0.2, 00:00:00, Ethernet0/0
R    10.0.0.0/8 [120/1] via 123.0.0.1, 00:00:00, Ethernet0/0

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: The Great Ryan [mailto:pv.ryan@gmail.com]
> Sent: Tuesday, October 25, 2005 12:19 PM
> To: Brian McGahan
> Cc: Arun Arumuganainar; Javier Tomi; Cisco certification
> Subject: Re: Extended ACL Filtering in RIP- Distribute-list
>
> Yes,
>
> When I tried to get the help page from distribute-list, it shows that
> access-list is <1-199>
>
> SW1(config-router)#distribute-list ?
>   <1-199>      IP access list number
>   <1300-2699>  IP expanded access list number
>   WORD         Access-list name
>   gateway      Filtering incoming updates based on gateway
>   prefix       Filter prefixes in routing updates
>
> SW1(config-router)#distribute-list
>
> But can you show me which field represents the neighbor address?
> access-list 101 permit ip <A> <B> <C> <D>
>
> I found that it is funny to replace prefix-list by Extended ACL.
> However, I can't find any document related to the use of Extended ACL in
> distribute-list, redistribution......
>
> Regards,
> Ryan
>

> 2005/10/26, Brian McGahan <bmcgahan@internetworkexpert.com>:
> > Extended access-lists *are* supported through distribute-list
> > application. This is the legacy implementation that has been replaced by
> > the "distribute-list prefix" option. Using an extended ACL in this case
> > is used to match on the prefix (route) and who it is coming from (neighbor
> > address). It is not used in place of a prefix-list like in BGP to match
> > on prefix and prefix-length. In other words you can use the extended
> > access-list to say I want to accept the route 1.2.3.0, but only from
> > neighbor 5.6.7.8.
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >

> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > Arun Arumuganainar
> > > Sent: Tuesday, October 25, 2005 10:52 AM
> > > To: The Great Ryan; Javier Tomi
> > > Cc: Cisco certification
> > > Subject: Re: Extended ACL Filtering in RIP- Distribute-list
> > >
> > > It seems that distribute list in RIP, EIGRP or IGRP supports only
> > > standard access list.
> > >
> > > Extended Access lists are not supported. Please refer to the command
> > > reference for details.
> > >
> > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt2/1rdrip.htm#wp1025120
> > >
> > > Thanks and Regards
> > > Arun

> > > ----- Original Message -----
> > > From: "The Great Ryan" <pv.ryan@gmail.com>
> > > To: "Javier Tomi" <fjtm@tid.es>
> > > Cc: "Cisco certification" <ccielab@groupstudy.com>
> > > Sent: Tuesday, October 25, 2005 12:50 PM
> > > Subject: Re: Extended ACL Filtering in RIP- Distribute-list
> > >
> > > > I tried to use it in redistribute between EIGRP and OSPF. It works fine,
> > > > but fails to apply on RIP.
> > > > I guess Extended ACL is not fully supported in 12.2T.
> > > >
> > > > Just want to confirm. Thanks!
> > > >
> > > > Ryan
> > > >

> > > > 2005/10/25, Javier Tomi <fjtm@tid.es>:
> > > > > As far as I know that only stands for BGP, but I have never tested it on
> > > > > other routing protocols...
> > > > >
> > > > > The Great Ryan wrote:
> > > > >
> > > > > >Hi Group,
> > > > > >
> > > > > >I created a distribute-list test in RIP using ACL and want to allow
> > > > > >only Even routes into my router. I can do it successfully by using
> > > > > >Standard ACL. I heard from this group that Extended ACL is better
> > > > > >because it also checks with netmask. However, I can't get any route
> > > > > >after using Extended ACL. Anything wrong? My ACLs are as follows:
> > > > > >
> > > > > >access-list 1 permit 172.16.0.0 0.0.254.0
> > > > > >access-list 101 permit ip 172.16.0.0 0.0.254.0 255.255.255.0 0.0.0.0
> > > > > >
> > > > > >Incoming RIP routes
> > > > > >==================
> > > > > >00:47:53: 172.16.0.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.1.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.2.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.3.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.4.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.5.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.6.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.7.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.8.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.9.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.10.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.11.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.12.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.13.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.14.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.15.0/24 via 0.0.0.0 in 1 hops
> > > > > >00:47:53: 172.16.16.0/24 via 0.0.0.0 in 1 hops
> > > > > >
> > > > > >Ryan
> > > > > >
> > > > > >_______________________________________________________________________
> > > > > >Subscription information may be found at:
> > > > > >http://www.groupstudy.com/list/CCIELab.html




This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:53 GMT-3
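
Added example (not part of the original thread and not IOS code): a small Python model of the matching rule Brian describes, where the source field of the extended ACL is compared with the neighbor sending the update and the destination field with the route. It reproduces R3's filtered table and shows why Ryan's access-list 101 accepted nothing; the neighbor address 192.0.2.1 and the rewritten ACL are constructed for illustration.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(addr, base, wildcard):
    """Cisco wildcard compare: bits set to 1 in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def host(addr):
    """'host X' is shorthand for address X with wildcard 0.0.0.0."""
    return (addr, "0.0.0.0")

def acl_permits(acl, neighbor, route):
    """Source field is checked against the neighbor, destination against the route."""
    for action, (src, src_wc), (dst, dst_wc) in acl:
        if wild_match(neighbor, src, src_wc) and wild_match(route, dst, dst_wc):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def filter_updates(acl, updates):
    """Return the (neighbor, route) pairs that survive 'distribute-list <acl> in'."""
    return [(n, r) for n, r in updates if acl_permits(acl, n, r)]

# access-list 100 as configured on R3 in the post
ACL_100 = [("permit", host("123.0.0.1"), host("10.0.0.0")),
           ("permit", host("123.0.0.2"), host("20.0.0.0"))]
# What R3 had learned before filtering (its first 'show ip route rip')
R3_UPDATES = [("123.0.0.2", "20.0.0.0"), ("123.0.0.1", "20.0.0.0"),
              ("123.0.0.2", "10.0.0.0"), ("123.0.0.1", "10.0.0.0")]

# Ryan's access-list 101: the prefix sits in the source field, the mask in the
# destination field, so it is compared with the neighbor and the route instead.
ACL_101 = [("permit", ("172.16.0.0", "0.0.254.0"), ("255.255.255.0", "0.0.0.0"))]
NEIGHBOR = "192.0.2.1"  # constructed: the thread never gives Ryan's RIP neighbor
RYAN_UPDATES = [(NEIGHBOR, "172.16.%d.0" % i) for i in range(17)]
# Constructed rewrite following Brian's rule: neighbor first, then the route
# with the same even-subnet wildcard Ryan used in access-list 1.
ACL_101_BY_NEIGHBOR = [("permit", host(NEIGHBOR), ("172.16.0.0", "0.0.254.0"))]

if __name__ == "__main__":
    print("R3 keeps:", filter_updates(ACL_100, R3_UPDATES))
    print("ACL 101 keeps:", filter_updates(ACL_101, RYAN_UPDATES))
    print("Rewritten ACL keeps:",
          [r for _, r in filter_updates(ACL_101_BY_NEIGHBOR, RYAN_UPDATES)])
```
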