From: Lloyd Ardoin (Lloyd@TheWizKid.biz)
Date: Wed Sep 24 2008 - 23:57:06 ART
Igor,
From the InternetworkExpert blog
"This extended access-list syntax can also be used in a route-map for
redistribution filtering in both IGP and BGP. For example if we took the
previous access-list 101 and matched it in a route-map as follows:
route-map OSPF_TO_RIP permit 10
match ip address 100
!
router rip
redistribute ospf 1 metric 1 route-map OSPF_TO_RIP
This syntax would say that we want to redistribute OSPF routes into RIP,
but only those which are 192.168.X.X/24.
The confusion for this extended access-list implementation is that when
it is called as a distribute-list in IGP the syntax changes. In the
previous examples the normal "source" field in the ACL represents the
network address, where the "destination" field represents the subnet
mask. In IGP distribute-list application the "source" field in the ACL
matches the update source of the route, and the "destination" field
represents the network address. This implementation allows us to control
which networks we are receiving, but more importantly who we are
receiving them from. Take the following topology:"
Take a look at this link...it may answer your question.
http://blog.internetworkexpert.com/index.php?s=access-list+filtering
Lloyd V Ardoin
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Igor M.
Sent: Wednesday, September 24, 2008 12:05 PM
To: ccielab@groupstudy.com; Joseph Brunner
Subject: RE: prefix-list acl equivalency
That's what I thought, however it does not cut it...
Below is the list of my networks. As you notice, there is one /29 specific in
there. I need to come up with an ACL that would only leak that route...
access-list 101 permit ip 178.2.8.248 0.0.0.0 255.255.255.248 0.0.0.0
or
access-list 101 permit ip 0.0.0.0 255.255.255.255 255.255.255.248 0.0.0.0
don't pass anything
D EX 178.2.8.248/29 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.1.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.2.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.3.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.4.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.5.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.6.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.7.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.9.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
D EX 178.2.10.0/24 [170/409600] via 150.100.3.254, 00:00:26, Ethernet0/1
----------------------
I.M., M.Eng. P.Eng.
Network Architect
CI Investments
----------------------
--- On Wed, 9/24/08, Joseph Brunner <joe@affirmedsystems.com> wrote:
From: Joseph Brunner <joe@affirmedsystems.com>
Subject: RE: prefix-list acl equivalency
To: "'Igor M.'" <imanassypov@rogers.com>, ccielab@groupstudy.com
Received: Wednesday, September 24, 2008, 12:24 PM
Wouldn't it be
access-list 101 permit ip 0.0.0.0 255.255.255.255 255.255.255.248 0.0.0.0
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Igor M.
Sent: Wednesday, September 24, 2008 12:04 PM
To: ccielab@groupstudy.com
Subject: prefix-list acl equivalency
Hello,
What is the access-list equivalency to the following prefix list for
distribution list purposes:
ip prefix-list SUB29 seq 5 permit 0.0.0.0/0 ge 29 le 29
Thanks!
----------------------
I.M., M.Eng. P.Eng.
Network Architect
CI Investments
----------------------
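Added example, not written by anyone in this thread or by the quoted blog: a small Python model of the two readings of an extended ACL that the blog excerpt describes, run against the prefixes from the routing table above. The function names are hypothetical, ACE C is constructed for illustration, and the "via" next hop is assumed to be the update source.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(value, base, wildcard):
    # Cisco wildcard mask: 1-bits are "don't care", 0-bits must equal base.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(value) & care) == (to_int(base) & care)

def fields(ace):
    # "access-list N permit ip SRC SRC_WC DST DST_WC" -> the four address fields
    return ace.split()[-4:]

def match_route_map(ace, prefix, update_source):
    # Route-map / BGP reading: source field = network, destination field = mask.
    src, src_wc, dst, dst_wc = fields(ace)
    net = ipaddress.IPv4Network(prefix)
    return (wild_match(str(net.network_address), src, src_wc)
            and wild_match(str(net.netmask), dst, dst_wc))

def match_igp_distribute_list(ace, prefix, update_source):
    # IGP distribute-list reading: source field = update source,
    # destination field = network address; the mask is never examined.
    src, src_wc, dst, dst_wc = fields(ace)
    net = ipaddress.IPv4Network(prefix)
    return (wild_match(update_source, src, src_wc)
            and wild_match(str(net.network_address), dst, dst_wc))

def permitted(matcher, ace, routes, update_source):
    return [p for p in routes if matcher(ace, p, update_source)]

# Prefixes copied from the routing table in the thread.
ROUTES = ["178.2.8.248/29"] + [f"178.2.{n}.0/24" for n in (1, 2, 3, 4, 5, 6, 7, 9, 10)]
UPDATE_SOURCE = "150.100.3.254"  # assumption: the "via" next hop sent the update
ACES = {
    "A (thread)": "access-list 101 permit ip 178.2.8.248 0.0.0.0 255.255.255.248 0.0.0.0",
    "B (thread)": "access-list 101 permit ip 0.0.0.0 255.255.255.255 255.255.255.248 0.0.0.0",
    # Constructed for this example, not from the thread:
    "C (constructed)": "access-list 101 permit ip 150.100.3.254 0.0.0.0 178.2.8.248 0.0.0.0",
}

if __name__ == "__main__":
    for name, ace in ACES.items():
        for matcher in (match_route_map, match_igp_distribute_list):
            hits = permitted(matcher, ace, ROUTES, UPDATE_SOURCE)
            print(f"{name:16} {matcher.__name__:26} -> {hits or 'nothing'}")
```

In this model the mask plays no part in the IGP reading, so ACE C selects the /29 by its network address and update source rather than by prefix length.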
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:19 ART