From: Benedict Munyao (bmunyao@gmail.com)
Date: Sat Feb 23 2008 - 06:54:41 ARST
Daniel,
Here is the computation:
--------------------------------------------------------------------------
198.72.5.0/24
198.72.13.0/24
5 (00000101) AND 13 (00001101) = 5 (00000101)
5 (00000101) XOR 13 (00001101) = 8 (00001000)
ACL entry - 198.72.5.0 0.0.5.0 0.0.8.0
-------------------------------------------------------------------------
198.72.10.0/24
198.72.14.0/24
10 (00001010) AND 14 (00001110) = 10 (00001010)
10 (00001010) XOR 14 (00001110) = 4 (00000100)
ACL entry - 198.72.10.0 0.0.4.0
-----------------------------------------------------------------------
Here is a test on dynamips:
Rack1R1#sh ip route 198.72.0.0 255.255.0.0 longer-prefixes
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 198.72.10.0/24 is directly connected, Loopback10
C 198.72.11.0/24 is directly connected, Loopback11
C 198.72.8.0/24 is directly connected, Loopback8
C 198.72.9.0/24 is directly connected, Loopback9
C 198.72.14.0/24 is directly connected, Loopback14
C 198.72.15.0/24 is directly connected, Loopback15
C 198.72.12.0/24 is directly connected, Loopback12
C 198.72.13.0/24 is directly connected, Loopback13
C 198.72.2.0/24 is directly connected, Loopback2
C 198.72.3.0/24 is directly connected, Loopback3
C 198.72.0.0/24 is directly connected, Loopback0
C 198.72.1.0/24 is directly connected, Loopback1
C 198.72.6.0/24 is directly connected, Loopback6
C 198.72.7.0/24 is directly connected, Loopback7
C 198.72.4.0/24 is directly connected, Loopback4
C 198.72.5.0/24 is directly connected, Loopback5
Rack1R1#sh ip route 198.72.5.0 255.255.247.0 longer-prefixes | b 198
C 198.72.13.0/24 is directly connected, Loopback13
C 198.72.5.0/24 is directly connected, Loopback5
Rack1R1#
Rack1R1#
Rack1R1#sh ip route 198.72.10.0 255.255.251.0 longer-prefixes | b 198
C 198.72.10.0/24 is directly connected, Loopback10
C 198.72.14.0/24 is directly connected, Loopback14
Rack1R1#
Rack1R1#
Your 2 line ACL for matching the four networks is therefore:
access-l 10 permit 198.72.5.0 0.0.8.0
access-l 10 permit 198.72.10.0 0.0.4.0
HTH
Benedict
On Thu, Feb 21, 2008 at 11:58 PM, Snyder, Daniel P <
DPSnyder@hammond.k12.in.us> wrote:
> Say I have the following networks...
>
> 198.72.0.0/24 - 198.72.15.0/24
>
> I need to make a filter on routes coming in. The router can only accept
> the following routes:
>
> 198.72.5.0
> 198.72.10.0
> 198.72.13.0
> 198.72.14.0
>
> The trick is it can only be a 2 line acl... Is this even possible??
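
Added example, not part of the original thread: the AND/XOR computation from the reply, generalized to any group of network addresses, with a check of what each resulting entry permits across the sixteen lab networks. It also shows why one line cannot do the job: collapsing all four networks yields wildcard 0.0.15.0, which permits all sixteen. The function names are this example's own, and the matching rule assumed is the standard-ACL one (bits where the wildcard is 0 must be equal).

```python
from ipaddress import IPv4Address

def wildcard_entry(networks):
    """Collapse network addresses into one (address, wildcard) ACL pair.

    Bits set in every address go in the address (the AND); bits that differ
    between any two addresses become "don't care" bits in the wildcard.
    For two addresses that is exactly their XOR.
    """
    values = [int(IPv4Address(n)) for n in networks]
    and_all, or_all = values[0], values[0]
    for v in values[1:]:
        and_all &= v
        or_all |= v
    return str(IPv4Address(and_all)), str(IPv4Address(and_all ^ or_all))

def entry_matches(entry, network):
    """Standard-ACL comparison: bits where the wildcard is 0 must be equal."""
    addr, wild = (int(IPv4Address(x)) for x in entry)
    care = ~wild & 0xFFFFFFFF
    return (int(IPv4Address(network)) & care) == (addr & care)

def permitted(acl, candidates):
    """Candidates permitted by at least one entry of a permit-only ACL."""
    return [c for c in candidates if any(entry_matches(e, c) for e in acl)]

# The sixteen loopback networks from the lab output above.
LAB = [f"198.72.{i}.0" for i in range(16)]
WANTED = ["198.72.5.0", "198.72.10.0", "198.72.13.0", "198.72.14.0"]

# Pair networks that differ in a single bit, one entry per pair.
TWO_LINE = [wildcard_entry(["198.72.5.0", "198.72.13.0"]),
            wildcard_entry(["198.72.10.0", "198.72.14.0"])]
# Forcing all four into one entry widens the wildcard to four bits.
ONE_LINE = [wildcard_entry(WANTED)]

if __name__ == "__main__":
    for addr, wild in TWO_LINE:
        print(f"access-list 10 permit {addr} {wild}")
    print("two-line ACL permits:", permitted(TWO_LINE, LAB))
    print("one-line attempt", ONE_LINE[0], "permits",
          len(permitted(ONE_LINE, LAB)), "of", len(LAB))
```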