Re: Very basic ACL question

From: Leigh Harrison (ccileigh@gmail.com)
Date: Tue Nov 15 2005 - 14:20:04 GMT-3

• Next message: Zukque: "IGP !== !(RFC 2439)?"
• Previous message: James Matrisciano: "RE: ROUTER ID"
• Maybe in reply to: steven richards: "Very basic ACL question"
• Next in thread: Zukque: "Re: Very basic ACL question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey Steven,

This says:-
The first 2 octets have to be nailed to 10 (the "0" in the wildcard mask
says this)
The second 2 octets can be anything they want to (the "255" in the
wildcard mask)

So you would get through loads, including 10.10.1.0/24, 10.10.0.0/16,
10.10.200.128/25..... etc, etc.

Your acl nails the first 2 bits and allows the rest.

If you wanted JUST the /16, then go for a prefix list, or something
along the lines of:
access-list 1 permit 10.10.0.0 0.0.0.0

LH

steven richards wrote:

> If I have a ditribute list on a routing protocol to filter incoming
> and outgoing routing updates like for instance the one below. This
> will match the /16 10.10 and also all of the specifics within the /10
> correct ?
>
> router rip
> ver 2
> distribute-list out out ser0
>
> access-list standard out
> permit 10.10.0.0 0.0.255.255
>
> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar  get it now!
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Zukque: "IGP !== !(RFC 2439)?"
• Previous message: James Matrisciano: "RE: ROUTER ID"
• Maybe in reply to: steven richards: "Very basic ACL question"
• Next in thread: Zukque: "Re: Very basic ACL question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3