From: Javier Tomé (fjtm@tid.es)
Date: Tue Oct 25 2005 - 17:39:56 GMT-3
Ok, so summarizing, if we have the following ACL applied to a
distribute-list:

access-list 101 permit ip <A> <B> <C> <D>

On RIP, IGRP, EIGRP -> (A,B) identify the advertising router, (C,D)
identify the prefix
On BGP -> (A,B) identify the network number of the prefix, (C,D)
identify the mask of the prefix
On OSPF... ????????

Brian McGahan wrote:
>The first address is the router it's coming from, the second address is the
>route:
>
>R1#show ip int brief | ex unassign
>Interface          IP-Address   OK? Method Status  Protocol
>FastEthernet0/0    123.0.0.1    YES manual up      up
>Loopback0          10.0.0.1     YES manual up      up
>Loopback1          20.0.0.2     YES manual up      up
>
>R1#show run | b router rip
>router rip
> version 2
> network 10.0.0.0
> network 20.0.0.0
> network 123.0.0.0
>
>R2#show ip int brief | ex unassign
>Interface          IP-Address   OK? Method Status  Protocol
>FastEthernet0/0    123.0.0.2    YES manual up      up
>Loopback0          10.0.0.1     YES manual up      up
>Loopback1          20.0.0.2     YES manual up      up
>
>R2#sh run | b router rip
>router rip
> version 2
> network 10.0.0.0
> network 20.0.0.0
> network 123.0.0.0
>
>R3#show ip route rip
>R    20.0.0.0/8 [120/1] via 123.0.0.2, 00:00:00, Ethernet0/0
>                [120/1] via 123.0.0.1, 00:00:00, Ethernet0/0
>R    10.0.0.0/8 [120/1] via 123.0.0.2, 00:00:00, Ethernet0/0
>                [120/1] via 123.0.0.1, 00:00:00, Ethernet0/0
>R3#conf t
>Enter configuration commands, one per line. End with CNTL/Z.
>R3(config)#access-list 100 permit ip host 123.0.0.1 host 10.0.0.0
>R3(config)#access-list 100 permit ip host 123.0.0.2 host 20.0.0.0
>R3(config)#router rip
>R3(config-router)#distribute-list 100 in e0/0
>R3(config-router)#end
>R3#show ip route rip
>R    20.0.0.0/8 [120/1] via 123.0.0.2, 00:00:00, Ethernet0/0
>R    10.0.0.0/8 [120/1] via 123.0.0.1, 00:00:00, Ethernet0/0
>
>HTH,
>
>Brian McGahan, CCIE #8593
>bmcgahan@internetworkexpert.com
>
>Internetwork Expert, Inc.
>http://www.InternetworkExpert.com
>Toll Free: 877-224-8987 x 705
>Outside US: 775-826-4344 x 705
>24/7 Support: http://forum.internetworkexpert.com
>Live Chat: http://www.internetworkexpert.com/chat/
>
>>-----Original Message-----
>>From: The Great Ryan [mailto:pv.ryan@gmail.com]
>>Sent: Tuesday, October 25, 2005 12:19 PM
>>To: Brian McGahan
>>Cc: Arun Arumuganainar; Javier Tomé; Cisco certification
>>Subject: Re: Extended ACL Filtering in RIP- Distribute-list
>>
>>Yes,
>>
>>When I tried to get the help page from distribute-list, it shows that
>>access-list is <1-199>
>>
>>SW1(config-router)#distribute-list ?
>>  <1-199>      IP access list number
>>  <1300-2699>  IP expanded access list number
>>  WORD         Access-list name
>>  gateway      Filtering incoming updates based on gateway
>>  prefix       Filter prefixes in routing updates
>>
>>SW1(config-router)#distribute-list
>>
>>But can you show me which field represents neighbor address ?
>>
>>access-list 101 permit ip <A> <B> <C> <D>
>>
>>I found that it is funny to replace prefix-list by Extended ACL.
>>However, I can't find any document related to the use of Extended ACL in
>>distribute-list, redistribution......
>>
>>Regards,
>>Ryan
>>
>>2005/10/26, Brian McGahan <bmcgahan@internetworkexpert.com>:
>>> Extended access-lists *are* supported through distribute-list
>>>application. This is the legacy implementation that has been replaced by
>>>the "distribute-list prefix" option. Using an extended ACL in this case
>>>is used to match on the prefix (route) and who it is coming from (neighbor
>>>address). It is not used in place of a prefix-list like in BGP to match
>>>on prefix and prefix-length. In other words you can use the extended
>>>access-list to say I want to accept the route 1.2.3.0, but only from
>>>neighbor 5.6.7.8.
>>>
>>>HTH,
>>>
>>>Brian McGahan, CCIE #8593
>>>
>>>>-----Original Message-----
>>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>>>Arun Arumuganainar
>>>>Sent: Tuesday, October 25, 2005 10:52 AM
>>>>To: The Great Ryan; Javier Tomé
>>>>Cc: Cisco certification
>>>>Subject: Re: Extended ACL Filtering in RIP- Distribute-list
>>>>
>>>>It seems that distribute list in RIP, EIGRP or IGRP supports only
>>>>standard access list.
>>>>
>>>>Extended Access lists are not supported. Pls. refer to command reference
>>>>for details.
>>>>
>>>>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt2/1rdrip.htm#wp1025120
>>>>
>>>>Thanks and Regards
>>>>Arun
>>>>
>>>>----- Original Message -----
>>>>From: "The Great Ryan" <pv.ryan@gmail.com>
>>>>To: "Javier Tomé" <fjtm@tid.es>
>>>>Cc: "Cisco certification" <ccielab@groupstudy.com>
>>>>Sent: Tuesday, October 25, 2005 12:50 PM
>>>>Subject: Re: Extended ACL Filtering in RIP- Distribute-list
>>>>
>>>>>I tried to use it in redistribute between EIGRP and OSPF. It works fine,
>>>>>but fails to apply on RIP.
>>>>>I guess Extended ACL is not fully supported in 12.2T.
>>>>>
>>>>>Just want to confirm. Thanks !
>>>>>
>>>>>Ryan
>>>>>
>>>>>2005/10/25, Javier Tomé <fjtm@tid.es>:
>>>>>>As far as I know that only stands for BGP, but I have never tested it on
>>>>>>other routing protocols...
>>>>>>
>>>>>>The Great Ryan wrote:
>>>>>>>Hi Group,
>>>>>>>
>>>>>>>I create a distribute-list test in rip using ACL and want to allow
>>>>>>>only Even route into my router. I can do it successfully by using
>>>>>>>Standard ACL. I heard from this group that Extended ACL is better
>>>>>>>because it also checks with netmask. However, I can't get any route
>>>>>>>after using Extended ACL. Anything wrong ? My ACLs are as follows:
>>>>>>>
>>>>>>>access-list 1 permit 172.16.0.0 0.0.254.0
>>>>>>>access-list 101 permit ip 172.16.0.0 0.0.254.0 255.255.255.0 0.0.0.0
>>>>>>>
>>>>>>>Incoming RIP routes
>>>>>>>==================
>>>>>>>00:47:53: 172.16.0.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.1.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.2.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.3.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.4.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.5.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.6.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.7.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.8.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.9.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.10.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.11.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.12.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.13.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.14.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.15.0/24 via 0.0.0.0 in 1 hops
>>>>>>>00:47:53: 172.16.16.0/24 via 0.0.0.0 in 1 hops
>>>>>>>
>>>>>>>Ryan
>>>>>>>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
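
Added example (not part of the original thread or written by any of its posters): a small Python model of the two readings of "access-list N permit ip <A> <B> <C> <D>" summarized at the top, run against ACL 100 from the RIP demo and ACL 101 from the first post. The function names are hypothetical, only permit entries are modelled, and the neighbor 192.0.2.1 is a constructed placeholder because the debug output does not show the advertising router.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """IOS wildcard compare: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def igp_permits(ace, neighbor, prefix):
    """RIP/IGRP/EIGRP reading: (A,B) = advertising router, (C,D) = route."""
    a, b, c, d = ace
    net = ipaddress.ip_network(prefix)
    return wc_match(neighbor, a, b) and wc_match(str(net.network_address), c, d)

def bgp_permits(ace, prefix):
    """BGP reading: (A,B) = network number, (C,D) = mask of the prefix."""
    a, b, c, d = ace
    net = ipaddress.ip_network(prefix)
    return (wc_match(str(net.network_address), a, b)
            and wc_match(str(net.netmask), c, d))

def igp_filter(acl, updates):
    """Keep (neighbor, prefix) updates hit by any permit entry; else implicit deny."""
    return [(n, p) for n, p in updates if any(igp_permits(e, n, p) for e in acl)]

def bgp_filter(acl, prefixes):
    """Keep prefixes hit by any permit entry under the BGP reading."""
    return [p for p in prefixes if any(bgp_permits(e, p) for e in acl)]

# "host X" is X with wildcard 0.0.0.0. Only permit entries are modelled.
ACL_100 = [("123.0.0.1", "0.0.0.0", "10.0.0.0", "0.0.0.0"),
           ("123.0.0.2", "0.0.0.0", "20.0.0.0", "0.0.0.0")]
ACL_101 = [("172.16.0.0", "0.0.254.0", "255.255.255.0", "0.0.0.0")]

# Updates R3 hears in the RIP demo: both neighbors advertise both routes.
R3_UPDATES = [(n, p) for n in ("123.0.0.1", "123.0.0.2")
              for p in ("10.0.0.0/8", "20.0.0.0/8")]
# The 17 routes from the first post. The advertising neighbor is not shown
# there, so 192.0.2.1 is a constructed placeholder (assumption).
RYAN_PREFIXES = [f"172.16.{i}.0/24" for i in range(17)]
RYAN_UPDATES = [("192.0.2.1", p) for p in RYAN_PREFIXES]

if __name__ == "__main__":
    print("ACL 100, RIP reading:", igp_filter(ACL_100, R3_UPDATES))
    print("ACL 101, RIP reading:", igp_filter(ACL_101, RYAN_UPDATES))
    print("ACL 101, BGP reading:", bgp_filter(ACL_101, RYAN_PREFIXES))
```

Under the RIP reading ACL 101 permits nothing whichever neighbor is assumed, because its (C,D) pair 255.255.255.0 0.0.0.0 is compared with the route itself and no 172.16.x.0 route equals it; under the BGP reading the same entry permits the nine even /24s.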
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:53 GMT-3