Hi Alexandre,
On Tue, Jun 2, 2009 at 11:23 AM, Alexandre V Oliveira <busa_at_uol.com.br> wrote:
> Hey fellows, a simple and direct question:
>
> Is there any difference that can be considered wrong in lab for these
> sentences below?
>
> 1- ip prefix-list 10 permit 192.168.0.0/24 le 32
> 2- ip prefix-listB 10 permit 192.168.0.0/24
> 3- access-list 10 permit 192.168.0.0
> 4- access-list 10 permit 192.168.0.0 0.0.0.255
Don't forget this lesser known form using extended IP ACLs:
access-list 100 permit 192.168.0.0 0.0.0.255 255.255.255.0 0.0.0.0
- source ("192.168.0.0") becomes the network you want to match.
- source wildcard ("0.0.0.255") identifies the care/don't care bits,
as normal, for the network
- destination ("255.255.255.0") becomes the network mask you want to apply/match
- destination wildcard ("0.0.0.0" identifies the care/don'tc are bits,
as normal, for the network mask
The same ACE in another form is:
access-list 100 permit host 192.168.0.0 host 255.255.255.0
I first saw this form in Halabi's "Internet Routing Architectures"
book. This allows you to use access-lists to perform exact matches
with route filtering.
cheers,
Dale
Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 02 2009 - 21:58:02 ART
This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:36 ART