Re: replacing a prefix-list with access-list

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Tue Feb 27 2007 - 03:21:09 ART


Ernesto,

    The syntax of the extended ACL is:

access-list <ACL #> permit ip <network> <wildcard mask of network> <subnet mask> <wildcard mask of subnet mask>

The source portion of the extended ACL is used to match the network portion
of the BGP route and the destination portion of the ACL is used to match the
subnet mask of the BGP route. Here are some examples:

access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.0.0 0.0.0.0
Matches 10.0.0.0/16 - Only

access-list 100 permit ip 10.0.0.0 0.0.0.0 255.255.255.0 0.0.0.0
Matches 10.0.0.0/24 - Only

access-list 100 permit ip 10.1.1.0 0.0.0.0 255.255.255.0 0.0.0.0
Matches 10.1.1.0/24 - Only

access-list 100 permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0
Matches 10.0.X.0/24 - Any number in the 3rd octet of the network with a
/24 subnet mask.

access-list 100 permit ip 10.0.0.0 0.255.255.0 255.255.255.0 0.0.0.0
Matches 10.X.X.0/24 - Any number in the 2nd & 3rd octet of the network with
a /24 subnet mask.

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.240 0.0.0.0
Matches 10.X.X.X/28 - Any number in the 2nd, 3rd & 4th octet of the network
with a /28 subnet mask.

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.0 0.0.0.255
Matches 10.X.X.X/24 to 10.X.X.X/32 - Any number in the 2nd, 3rd & 4th octet
of the network with a /24 to /32 subnet mask.

access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.128 0.0.0.127
Matches 10.X.X.X/25 to 10.X.X.X/32 - Any number in the 2nd, 3rd & 4th octet
of the network with a /25 to /32 subnet mask.

-- 

Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

On 2/26/07 9:22 PM, "Ernesto Mazuelos" <ernesto.mazuelos@gmail.com> wrote:

> Hi,
> I have found in cisco.com a way of replacing a prefix-list with access-list,
> however I don't understand the way as it is applied.
> particularly, because the destination of the access-list is
> 255.255.255.0 as a subnet mask?
> thanks to everybody
>
>
> !
> ip bgp-community new-format
> !
> !
> ip prefix-list rr seq 10 permit 189.168.58.0/23
> ip prefix-list rr seq 20 permit 189.168.60.0/23
> access-list 100 permit ip host 189.168.56.0 host 255.255.254.0 <===== don't understand
> !
> route-map tto permit 10
> match ip address 100
> set community 645:200
> !
> route-map tto permit 20
> !
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
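An added example, not part of the original messages: a small Python model of the matching rule described in the reply above, where the ACL source/wildcard pair is compared with the route's network and the destination/wildcard pair with its subnet mask. The function names are hypothetical, the ACL lines are copied from the thread, and `host X` is treated as `X 0.0.0.0`.

```python
import ipaddress

# Entries taken from the thread (the last one is the line from the question).
SAMPLE_ACL = [
    "access-list 100 permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0",
    "access-list 100 permit ip 10.0.0.0 0.255.255.255 255.255.255.128 0.0.0.127",
    "access-list 100 permit ip host 189.168.56.0 host 255.255.254.0",
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_addr_wildcard(tokens):
    """Consume '<addr> <wildcard>' or 'host <addr>' (wildcard 0.0.0.0)."""
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip <source> <destination>'."""
    tokens = line.split()
    if len(tokens) < 7 or tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError("not an extended IP ACL entry: " + line)
    net, net_wc, rest = _take_addr_wildcard(tokens[4:])
    mask, mask_wc, _ = _take_addr_wildcard(rest)
    return {"action": tokens[2], "net": net, "net_wc": net_wc,
            "mask": mask, "mask_wc": mask_wc}

def _field_matches(value, base, wildcard):
    # Wildcard bit 1 = ignore this bit, 0 = bit must equal the ACL value.
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (value & care) == (_to_int(base) & care)

def ace_matches_route(ace, prefix):
    """True if the entry matches a route written as 'a.b.c.d/len'."""
    route = ipaddress.IPv4Network(prefix)
    return (_field_matches(int(route.network_address), ace["net"], ace["net_wc"])
            and _field_matches(int(route.netmask), ace["mask"], ace["mask_wc"]))

def first_match(acl_lines, prefix):
    """Action of the first matching entry; 'deny' if none (implicit deny)."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches_route(ace, prefix):
            return ace["action"]
    return "deny"
```

Run against the prefix-list entries in the question, `first_match(SAMPLE_ACL, "189.168.58.0/23")` returns `deny`, because `host 189.168.56.0 host 255.255.254.0` matches only 189.168.56.0/23.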



This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART