Re: RIP route filtering using Extended ACL

From: Fahad Khan (fahad.khan@gmail.com)
Date: Tue Jul 22 2008 - 14:07:30 ART

• Next message: Joshua: "LAN issue, Help!"
• Previous message: Luca Hall: "RE: DoS prevention / peer-to-peer testing"
• Maybe in reply to: Huan Pham: "RIP route filtering using Extended ACL"
• Next in thread: Fahad Khan: "Re: RIP route filtering using Extended ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thank you very much larry.

On 7/22/08, Larry <cc13lab@gmail.com> wrote:
>
> Fahad,
>
> Here is a link explaining it with RIP:
>
>
>
> http://blog.internetworkexpert.com/category/ccie-routing-switching/interior-gateway-routing/page/2/
>
>
> hth
>
>
> On 7/22/08, Fahad Khan <fahad.khan@gmail.com> wrote:
>
>> well, i am still unable to understand , how Ext ACL is used in RIP(with
>> dist-list) and why? Can any one shed more light over it?
>>
>> Thanks and regards,
>>
>> On Tue, Jul 22, 2008 at 3:00 AM, Huan Pham <pnhuan@yahoo.com> wrote:
>>
>> > Hi Khan,
>> >
>> >
>> >
>> > Thanks for the example. Appearently, the use of extended ACL in the BGP
>> > example is another hair pulling exersize.
>> >
>> >
>> >
>> > But we can use extended ACL for RIP as well, as shown in my example.
>> >
>> >
>> >
>> > Cheers,
>> >
>> >
>> > --- On *Tue, 7/22/08, Fahad Khan <fahad.khan@gmail.com>* wrote:
>> >
>> > From: Fahad Khan <fahad.khan@gmail.com>
>> > Subject: Re: RIP route filtering using Extended ACL
>> > To: "Huan Pham" <Huan.Pham@peopletelecom.com.au>
>> > Cc: ccielab@groupstudy.com
>> > Date: Tuesday, July 22, 2008, 7:00 PM
>> >
>> > Futher more,
>> >
>> > Remember! IP access-list number <1-199> (shown below) is meaning full
>> > *only*,
>> > when you want to perform route filtering in *BGP*
>> >
>> > R1(config-router)#distribute-list ?
>> > <1-199> IP access list number
>> > <1300-2699> IP expanded access list number
>> > WORD Access-list name
>> > gateway Filtering incoming updates based on gateway
>> > prefix Filter prefixes in routing updates
>> >
>> >
>> > In rip and other IGPs, distribute-list works with standard ACL only
>> but
>> > in BGP it can work with extanded ACL as well.
>> >
>> > Go through the link below,
>> >
>> http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801310cb.shtml#acclists
>> >
>> >
>> > Thanks and regards,
>> >
>> >
>> > On Mon, Jul 21, 2008 at 11:26 PM, Huan Pham
>> > <Huan.Pham@peopletelecom.com.au>
>> > wrote:
>> >
>> > > Hi GS,
>> > >
>> > > I can not find the guide on the use of extended ACL to filter RIP
>> > > routes. May someone please point me the link to this section. Many
>> > > thanks.
>> > >
>> > > The following config is from a vendor workbook. It's to prevent the
>> > > route 150.1.7.0/24 learnt via router 155.1.0.1 off interface Serial0.
>> > >
>> > > access-list 199 deny ip host 155.1.0.1 host 150.1.7.0
>> > > access-list 199 permit ip any any
>> > >
>> > > router rip
>> > > version 2
>> > > network 150.1.0.0
>> > > network 155.1.0.0
>> > > distribute-list 199 in Serial0
>> > > no auto-summary
>> > >
>> > >
>> > > I usually make mistake with creating extended ACL for this purpose. I
>> do
>> > > tend to put subnet route first (source address portion), and the
>> gateway
>> > > after (destination address). The right ACL should be created in the
>> > > reverse order, as above. I can not find relevant info in the RIP
>> > > configuration guide, nor in command reference. Help in understanding
>> > > this command is appreciated.
>> > >
>> > >
>> > > Huan,
>> > >
>> > >
>> > >
>> _______________________________________________________________________
>> > > Subscription information may be found at:
>> > > http://www.groupstudy.com/list/CCIELab.html
>> > >
>> > >
>> > >
>> > >
>> > >
>> >
>> >
>> > --
>> > *FAHAD KHAN
>> >
>> > BE Computer Systems NED,
>> >
>> > CCNA,CCDA,CCNP,FOUNDFE,CLSE,
>> > QOS,JNCIA,JNCIS,MCP,CCIE (Written)
>> >
>> > Systems Support Engineer, Premier Systems (Pvt) limited,
>> >
>> > Karachi, Pakistan
>> >
>> > 92-321-2370510*.
>> >
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>>
>>
>> --
>> *FAHAD KHAN
>>
>> BE Computer Systems NED,
>>
>> CCNA,CCDA,CCNP,FOUNDFE,CLSE,QOS,JNCIA,JNCIS,MCP,CCIE (Written)
>>
>> Systems Support Engineer, Premier Systems (Pvt) limited,
>>
>> Karachi, Pakistan
>>
>> 92-321-2370510.*
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>

-- 
*FAHAD KHAN
BE Computer Systems NED,
CCNA,CCDA,CCNP,FOUNDFE,CLSE,QOS,JNCIA,JNCIS,MCP,CCIE  (Written)
Systems Support Engineer, Premier Systems (Pvt) limited,
Karachi, Pakistan
92-321-2370510.*

• Next message: Joshua: "LAN issue, Help!"
• Previous message: Luca Hall: "RE: DoS prevention / peer-to-peer testing"
• Maybe in reply to: Huan Pham: "RIP route filtering using Extended ACL"
• Next in thread: Fahad Khan: "Re: RIP route filtering using Extended ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART