Re: RIP route filtering using Extended ACL

From: Fahad Khan (fahad.khan@gmail.com)
Date: Tue Jul 22 2008 - 06:00:42 ART

• Next message: Huan Pham: "RE: RIP route filtering using Extended ACL"
• Previous message: abdul muhammed: "Fwd: Need help on Cisco Ipsec Remote Access VPN"
• Maybe in reply to: Huan Pham: "RIP route filtering using Extended ACL"
• Next in thread: Huan Pham: "RE: RIP route filtering using Extended ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Futher more,

Remember! IP access-list number <1-199> (shown below) is meaning full *only*,
when you want to perform route filtering in *BGP*

R1(config-router)#distribute-list ?
  <1-199> IP access list number
  <1300-2699> IP expanded access list number
  WORD Access-list name
  gateway Filtering incoming updates based on gateway
  prefix Filter prefixes in routing updates

In rip and other IGPs, distribute-list works with standard ACL only but
in BGP it can work with extanded ACL as well.

Go through the link below,

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801310cb.shtml#acclists

Thanks and regards,

On Mon, Jul 21, 2008 at 11:26 PM, Huan Pham <Huan.Pham@peopletelecom.com.au>
wrote:

> Hi GS,
>
> I can not find the guide on the use of extended ACL to filter RIP
> routes. May someone please point me the link to this section. Many
> thanks.
>
> The following config is from a vendor workbook. It's to prevent the
> route 150.1.7.0/24 learnt via router 155.1.0.1 off interface Serial0.
>
> access-list 199 deny ip host 155.1.0.1 host 150.1.7.0
> access-list 199 permit ip any any
>
> router rip
> version 2
> network 150.1.0.0
> network 155.1.0.0
> distribute-list 199 in Serial0
> no auto-summary
>
>
> I usually make mistake with creating extended ACL for this purpose. I do
> tend to put subnet route first (source address portion), and the gateway
> after (destination address). The right ACL should be created in the
> reverse order, as above. I can not find relevant info in the RIP
> configuration guide, nor in command reference. Help in understanding
> this command is appreciated.
>
>
> Huan,
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>

-- 
*FAHAD KHAN
BE Computer Systems NED,
CCNA,CCDA,CCNP,FOUNDFE,CLSE,QOS,JNCIA,JNCIS,MCP,CCIE (Written)
Systems Support Engineer, Premier Systems (Pvt) limited,
Karachi, Pakistan
92-321-2370510*.

• Next message: Huan Pham: "RE: RIP route filtering using Extended ACL"
• Previous message: abdul muhammed: "Fwd: Need help on Cisco Ipsec Remote Access VPN"
• Maybe in reply to: Huan Pham: "RIP route filtering using Extended ACL"
• Next in thread: Huan Pham: "RE: RIP route filtering using Extended ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART