Re: Very basic ACL question

From: Venkataramanaiah.R (vramanaiah@gmail.com)
Date: Sun Nov 20 2005 - 11:07:04 GMT-3


As a matter of fact,
> access-list 1 permit 10.10.0.0 0.0.0.0
would capture any prefix with 10.10.0.0 irrespective of the mask.

Correct me if I am wrong. If mask matching is required, then go for
prefix lists or extended ACLs, where you can define the mask to match
as well.

-Venkat

On 11/15/05, Leigh Harrison <ccileigh@gmail.com> wrote:
> Hey Steven,
>
> This says:-
> The first 2 octets have to be nailed to 10 (the "0" in the wildcard mask
> says this)
> The second 2 octets can be anything they want to (the "255" in the
> wildcard mask)
>
> So you would get through loads, including 10.10.1.0/24, 10.10.0.0/16,
> 10.10.200.128/25..... etc, etc.
>
> Your acl nails the first 2 bits and allows the rest.
>
> If you wanted JUST the /16, then go for a prefix list, or something
> along the lines of:
> access-list 1 permit 10.10.0.0 0.0.0.0
>
> LH
>
> steven richards wrote:
>
> > If I have a distribute list on a routing protocol to filter incoming
> > and outgoing routing updates, like for instance the one below, this
> > will match the /16 10.10 and also all of the specifics within the /10,
> > correct?
> >
> > router rip
> > ver 2
> > distribute-list out out ser0
> >
> > access-list standard out
> > permit 10.10.0.0 0.0.255.255
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
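
Added example (not part of the thread or any poster's own code): a small Python model of the two filter types discussed above, showing which constructed sample routes a standard ACL and a prefix-list entry let through when used as route filters. It assumes the standard ACL compares only the route's network address under the wildcard; the function names and sample routes are hypothetical.

```python
import ipaddress

# Constructed sample routes (not taken from the thread's routers).
ROUTES = ["10.10.0.0/16", "10.10.0.0/24", "10.10.1.0/24",
          "10.10.200.128/25", "10.11.0.0/16"]

def acl_permits(route, addr, wildcard):
    """Standard ACL used as a route filter (assumed model): only the route's
    network address is compared under the wildcard; its mask is never checked."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    net = int(ipaddress.ip_network(route).network_address)
    return (net & care) == (int(ipaddress.ip_address(addr)) & care)

def prefix_list_permits(route, entry, ge=None, le=None):
    """Prefix-list entry: leading bits must match the entry and the route's
    prefix length must fall in range (exact length when ge/le are absent)."""
    r, e = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if ge is None and le is None:
        lo = hi = e.prefixlen
    else:
        lo = e.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    return r.subnet_of(e) and lo <= r.prefixlen <= hi

def permitted(check):
    """Return the sample routes that a filter lets through."""
    return [r for r in ROUTES if check(r)]

if __name__ == "__main__":
    filters = {
        "acl 10.10.0.0 0.0.255.255":
            lambda r: acl_permits(r, "10.10.0.0", "0.0.255.255"),
        "acl 10.10.0.0 0.0.0.0":
            lambda r: acl_permits(r, "10.10.0.0", "0.0.0.0"),
        "prefix-list 10.10.0.0/16":
            lambda r: prefix_list_permits(r, "10.10.0.0/16"),
        "prefix-list 10.10.0.0/16 le 32":
            lambda r: prefix_list_permits(r, "10.10.0.0/16", le=32),
    }
    for name, check in filters.items():
        print(f"{name:32} -> {permitted(check)}")
```

In this model the 0.0.0.0 wildcard still lets 10.10.0.0/24 through alongside 10.10.0.0/16, while the prefix-list entry without ge/le passes only the /16.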



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3