Re: Explain the diffrence in these ACL's

From: Nate Cielieska (ncielieska@gmail.com)
Date: Thu Jul 17 2008 - 17:12:37 ART

• Next message: 2008ccie@live.com: "CCIE Voice"
• Previous message: Igor Manassypov: "Re: bgp confederations"
• Maybe in reply to: Christopher Copley: "Explain the diffrence in these ACL's"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The host option specifies the current referenced ip address with a 32-bit
mask.. so

host 150.1.1.1 = 150.1.1.1 0.0.0.0

On Thu, Jul 17, 2008 at 3:04 PM, Christopher Copley <copley.chris@gmail.com>
wrote:

> I would normally agree, but in this case I have one match for each type of
> ACL, and the loopback address is 150.1.1.1 If the host option only
> allows
> the .0 address they why is it seeing the .1 address of the loopback
> address?
>
> On 7/17/08, Julian Pentermann <jpentermann@gmail.com> wrote:
> >
> > Hey
> >
> >
> > 150.1.1.0 0.0.0.255 will permit any devices on this entire subnet so
> > 150.1.1.X
> > host 150.1.1.0 is essentially 150.1.1.0 0.0.0.0 so this will only match
> > this subnet not the hosts on the subnet
> >
> > So it depends what you are trying to match really.
> >
> > Cheers
> > Julian
> >
> >
> > On Thu, Jul 17, 2008 at 9:52 PM, Christopher Copley <
> > copley.chris@gmail.com> wrote:
> >
> >> Experts,
> >>
> >> I have come to a lost when I am looking at an acl question. I have 4
> >> routers R1 <-> R3 <-> R4 <-> R5 and R5 <->R1 so it makes a big
> circle.
> >> R1
> >> and R4 both run EIGRP and OSPF and I redistribute on both. R3 is EIGRP
> >> only and R5 is OSPF only. In my lab there is a requirement for R1 to
> go
> >> the long way around to get to R3 Lo0 address 150.1.3.3, so in R1 under
> >> the
> >> ospf process I put in.....
> >> router ospf 1
> >> distance 89 0.0.0.0 255.255.255.255 50
> >>
> >> access-list 50 permit 150.1.1.0 0.0.0.255
> >>
> >>
> >> In my workbook it has the ACL should be...
> >>
> >> access-list 50 permit host 150.1.1.0
> >>
> >> Both ways appear to work, but I do not understand why the host option
> >> works. It has to be some logic I am missing in the ACL, can some one
> >> shed
> >> some light on this for me?
> >>
> >> Chris
> >>
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: 2008ccie@live.com: "CCIE Voice"
• Previous message: Igor Manassypov: "Re: bgp confederations"
• Maybe in reply to: Christopher Copley: "Explain the diffrence in these ACL's"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:55 ART