Re: RIP route filtering using Extended ACL

From: Huan Pham (pnhuan@yahoo.com)
Date: Tue Jul 22 2008 - 07:00:30 ART

• Next message: Fahad Khan: "Re: RIP route filtering using Extended ACL"
• Previous message: Huan Pham: "Re: RIP route filtering using Extended ACL"
• Maybe in reply to: Huan Pham: "RIP route filtering using Extended ACL"
• Next in thread: Fahad Khan: "Re: RIP route filtering using Extended ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Khan,
 
Thanks for the example. Appearently, the use of extended ACL in the BGP
example is another hair pulling exersize.
 
But we can use extended ACL for RIP as well, as shown in my example.
 
Cheers,

--- On Tue, 7/22/08, Fahad Khan <fahad.khan@gmail.com> wrote:

From: Fahad Khan <fahad.khan@gmail.com>
Subject: Re: RIP route filtering using Extended ACL
To: "Huan Pham" <Huan.Pham@peopletelecom.com.au>
Cc: ccielab@groupstudy.com
Date: Tuesday, July 22, 2008, 7:00 PM

Futher more,

Remember! IP access-list number <1-199> (shown below) is meaning full
*only*,
when you want to perform route filtering in *BGP*

R1(config-router)#distribute-list ?
  <1-199> IP access list number
  <1300-2699> IP expanded access list number
  WORD Access-list name
  gateway Filtering incoming updates based on gateway
  prefix Filter prefixes in routing updates

In rip and other IGPs, distribute-list works with standard ACL only but
in BGP it can work with extanded ACL as well.

Go through the link below,

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801310cb.
shtml#acclists

Thanks and regards,

On Mon, Jul 21, 2008 at 11:26 PM, Huan Pham
<Huan.Pham@peopletelecom.com.au>
wrote:

> Hi GS,
>
> I can not find the guide on the use of extended ACL to filter RIP
> routes. May someone please point me the link to this section. Many
> thanks.
>
> The following config is from a vendor workbook. It's to prevent the
> route 150.1.7.0/24 learnt via router 155.1.0.1 off interface Serial0.
>
> access-list 199 deny ip host 155.1.0.1 host 150.1.7.0
> access-list 199 permit ip any any
>
> router rip
> version 2
> network 150.1.0.0
> network 155.1.0.0
> distribute-list 199 in Serial0
> no auto-summary
>
>
> I usually make mistake with creating extended ACL for this purpose. I do
> tend to put subnet route first (source address portion), and the gateway
> after (destination address). The right ACL should be created in the
> reverse order, as above. I can not find relevant info in the RIP
> configuration guide, nor in command reference. Help in understanding
> this command is appreciated.
>
>
> Huan,
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>

--
*FAHAD KHAN
BE Computer Systems NED,
CCNA,CCDA,CCNP,FOUNDFE,CLSE,QOS,JNCIA,JNCIS,MCP,CCIE (Written)
Systems Support Engineer, Premier Systems (Pvt) limited,
Karachi, Pakistan
92-321-2370510*.

• Next message: Fahad Khan: "Re: RIP route filtering using Extended ACL"
• Previous message: Huan Pham: "Re: RIP route filtering using Extended ACL"
• Maybe in reply to: Huan Pham: "RIP route filtering using Extended ACL"
• Next in thread: Fahad Khan: "Re: RIP route filtering using Extended ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART