Re: access-list

From: Josef A (josefnet@gmail.com)
Date: Sat Nov 26 2005 - 14:34:02 GMT-3


One addition please. Extended ACLs used with distribute-lists with RIP and
EIGRP are used to match both the route and the source of the route. Thus for
an exact match, using a prefix-list is best.

HTH
Josef.

On 11/26/05, Josef A <josefnet@gmail.com> wrote:
>
> Your ACL will permit more networks than asked for. It will permit additional
> subnets of 100.100.1.0 and 100.100.2.0.
>
> Try labbing it up. It's more accurate to use a prefix-list or an extended
> ACL to match both the network and its mask. If there are no subnets of
> 100.100.1.0 and 100.100.2.0 among the routes being filtered your ACL might
> seem to work correctly, but if you introduce those subnets, they will
> surely pass thru.
>
> HTH
> Josef
>
>
> On 11/26/05, Ashok M A <ashok_ccie@yahoo.co.in> wrote:
> >
> > I am not sure why this doesn't work?
> >
> > Access-list 100 permit 100.100.1.0 0.0.0.255
> > Access-list 100 permit 100.100.2.0 0.0.0.255
> >
> >
> >
> > Thanks & Regards,
> >
> > Ashok M A
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Pierre-Alex
> > Sent: Saturday, November 26, 2005 1:25 AM
> > To: Desmond Ong; FORUM
> > Subject: Re: access-list
> >
> > If you cannot use prefix-list you can use an extended access-list:
> >
> > access-list 100 permit 100.100.1.0 0.3.255 255.255.255.0 0.0.0.0
> > access-list 100 permit 100.100.2.0 0.3.255 255.255.255.0 0.0.0.0
> >
> > Please note that trying to summarize both .1 and .2 networks ends
> > up creating more entries because you automatically get the .0 and
> > .3 networks:
> >
> > access-list 100 deny 100.100.0.0 0.0.0.0 255.255.255.0 0.0.0.0
> > access-list 100 deny 100.100.3.0 0.0.0.0 255.255.255.0 0.0.0.0
> > access-list 100 permit 100.100.0.0 0.3.255 255.255.255.0 0.0.0.0
> >
> > NB: in an extended ACL, the first part of the ACL matches the
> > networks (100.100.0.0 0.3.255), the second part matches
> > the mask.
> >
> > Cheers
> >
> > Pierre
> >
> > ----- Original Message -----
> > From: "Desmond Ong" <desmond.gk@netstarnetworks.com>
> > To: "FORUM" <ccielab@groupstudy.com>
> > Sent: Thursday, November 03, 2005 2:10 PM
> > Subject: access-list
> >
> >
> > > Hi there,
> > >
> > > if I were asked to permit only 100.100.1.0/24 and 100.100.2.0/24 into
> > > the network,
> > >
> > > my access list will be 100.100.1.0 0.0.3.255 or will it be
> > > 100.100.1.0 0.0.3.0 ??? is there any difference?
> > >
> > > Tks!
> > >
> > > Desmond
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >

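The wildcard behaviour discussed in this thread, worked through as an added example (not part of the original messages): it evaluates Ashok's and Desmond's address/wildcard pairs as standard-ACL route filters, which compare only a route's network address, and contrasts them with an exact-match prefix-list. The route list and all function names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def standard_acl_permits(route, entries):
    """Standard ACL as a route filter: only the route's network address is
    compared against each address/wildcard pair; the prefix length is ignored."""
    net = ipaddress.ip_network(route)
    return any(wildcard_match(str(net.network_address), b, w) for b, w in entries)

def prefix_list_permits(route, prefixes):
    """prefix-list entry without ge/le: network AND length must both match."""
    return ipaddress.ip_network(route) in [ipaddress.ip_network(p) for p in prefixes]

# Constructed sample routes (hypothetical routing updates, not from the thread)
ROUTES = [
    "100.100.0.0/24", "100.100.1.0/24", "100.100.2.0/24", "100.100.3.0/24",
    "100.100.1.128/25", "100.100.2.64/26", "100.100.4.0/24",
]

# Address/wildcard pairs taken from the messages above
ASHOK = [("100.100.1.0", "0.0.0.255"), ("100.100.2.0", "0.0.0.255")]
DESMOND_A = [("100.100.1.0", "0.0.3.255")]
DESMOND_B = [("100.100.1.0", "0.0.3.0")]
# The requirement from the original question, as exact prefixes
PREFIXES = ["100.100.1.0/24", "100.100.2.0/24"]

def permitted(check, rules):
    """Return the sample routes that the given filter lets through."""
    return [r for r in ROUTES if check(r, rules)]

if __name__ == "__main__":
    for name, check, rules in [
        ("two /24 wildcards", standard_acl_permits, ASHOK),
        ("wildcard 0.0.3.255", standard_acl_permits, DESMOND_A),
        ("wildcard 0.0.3.0", standard_acl_permits, DESMOND_B),
        ("prefix-list", prefix_list_permits, PREFIXES),
    ]:
        print(f"{name:20s} -> {permitted(check, rules)}")
```

Only the prefix-list result is limited to the two requested /24s: the 0.0.0.255 wildcards also pass the /25 and /26 subnets, and either 0.0.3.x wildcard also passes the .0 and .3 networks, because the third octets 1 (01) and 2 (10) differ in both low bits.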


This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3