Re: access-lists vs. prefix-lists

From: John Matus (john_matus@hotmail.com)
Date: Tue Mar 15 2005 - 22:18:51 ART


ok, that is where i get confused.............
if, as in ACL 5 <access-l 5 permit 192.168.1.0 0.0.0.255> i don't see how
that would match /24, /25, /26 routes. i would think that you would need
to have a wildcard mask of 0.0.0.252, 0.0.0.248, 0.0.0.240. how does it
match those routes......hmm ok, slight epiphanie <sp?> is it because .252,
.248, and .240 are all subsets of the .255 which means everything under the
sun in that octet?

>From: Carlos G Mendioroz <tron@huapi.ba.ar>
>To: John Matus <john_matus@hotmail.com>
>CC: ccielab@groupstudy.com
>Subject: Re: access-lists vs. prefix-lists
>Date: Tue, 15 Mar 2005 21:59:19 -0300
>
>John,
>there are differences, some of which can be dealt with, but prefix lists are
>simpler to use when you are trying to deal with routes.
>
>In your example with ACL 5, your acl would let go:
>192.168.1.0/24
>192.168.1.0/25
>192.168.1.0/26
>...
>192.168.1.128/25
>192.168.1.128/26
>...
>but the prefix list would only let 192.168.1.0/24.
>
>Some routing protocols do accept extended ACLs to care about masks, like
>
>access-list 105 permit 192.168.1.0 0.0.0.0 255.255.255.0 0.0.0.0
>
>which would be an exact match of the example prefix list.
>
>Hope this helps.
>
>John Matus wrote:
>>Prefix-list vs. access-list question
>>
>>I'm a bit confused about the functionality of prefix-lists vs.
>>access-lists. While I'm aware that prefix-lists seem to have some added
>>granularity I'm a bit stumped as to when it is best practice to use one
>>vs. the other. Here are a few examples of each
>>
>>
>>EXAMPLE 1
>>Router os 1
>>Default-information originate route-map conditional
>>-------------------------------------------
>>
>>Route-m conditional permit 10
>>Match ip address prefix 5
>>
>>Ip prefix-list 5 permit 192.168.1.0/24
>>
>>OR
>>Route-m conditional permit 10
>>Match ip add 5
>>
>>Access-list 5 permit 192.168.1.0 0.0.0.255
>>
>>EXAMPLE 2
>>
>>Router rip
>>Redistribute ospf 1 metric 1 route-map o2r
>>-------------------------------------------
>>
>>Route-map o2r permit 10
>>Match ip add prefix-list 5
>>
>>Access-list 5 permit 192.168.1.0 0.0.0.255
>>
>>OR
>>
>>Route-map o2r permit 10
>>Match ip address prefix-list 5
>>
>>Ip prefix-list 5 permit 192.168.1.0/24
>>
>>Do both methods accomplish exactly the same thing or is the matching
>>mechanism different in access and prefix lists?
>>
>
>--
>Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
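
The matching rules discussed in this thread, modelled in Python as an added example (not code from either poster, and not IOS itself). The function names and sample routes are constructed for illustration; the `ge`/`le` handling goes beyond the thread and follows the standard `ip prefix-list ... ge/le` semantics.

```python
import ipaddress

def _wild_match(value, base, wildcard):
    """IOS wildcard compare: bits set in the wildcard are 'don't care'."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    return (v & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def std_acl_permits(route, base, wildcard):
    """Standard ACL used as a route filter: only the route's network
    address is compared; the prefix length is never examined."""
    net = ipaddress.IPv4Network(route)
    return _wild_match(str(net.network_address), base, wildcard)

def ext_acl_permits(route, src, src_wc, dst, dst_wc):
    """Extended ACL used as a route filter (where the protocol accepts it):
    the source pair is compared with the network address, the destination
    pair with the netmask."""
    net = ipaddress.IPv4Network(route)
    return (_wild_match(str(net.network_address), src, src_wc)
            and _wild_match(str(net.netmask), dst, dst_wc))

def prefix_list_permits(route, entry, ge=None, le=None):
    """Prefix-list entry: the route must fall inside the entry and its
    length must be in range. Without ge/le the length must be equal."""
    net = ipaddress.IPv4Network(route)
    ent = ipaddress.IPv4Network(entry)
    if ge is None and le is None:
        lo = hi = ent.prefixlen
    else:
        lo = ge if ge is not None else ent.prefixlen
        hi = le if le is not None else 32
    return lo <= net.prefixlen <= hi and net.network_address in ent

# Constructed sample routes, including one outside 192.168.1.0/24.
ROUTES = ["192.168.1.0/24", "192.168.1.0/25", "192.168.1.0/26",
          "192.168.1.128/25", "192.168.1.128/26", "192.168.2.0/24"]

def compare(routes=ROUTES):
    """Return the routes each filter from the thread would permit."""
    return {
        "acl 5": [r for r in routes
                  if std_acl_permits(r, "192.168.1.0", "0.0.0.255")],
        "prefix-list 5": [r for r in routes
                          if prefix_list_permits(r, "192.168.1.0/24")],
        "acl 105": [r for r in routes
                    if ext_acl_permits(r, "192.168.1.0", "0.0.0.0",
                                       "255.255.255.0", "0.0.0.0")],
    }

if __name__ == "__main__":
    for name, permitted in compare().items():
        print(f"{name:14} {permitted}")
```

In this model ACL 5 permits every sample route whose network address is 192.168.1.x regardless of length, while prefix-list 5 and ACL 105 permit only 192.168.1.0/24.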


