RE: Access-list question with policy-map

Seems like it might be a little safer to match the whole subnet so you're sure
you catch everything. In the real-world you might want to be more careful but
if I were given this question, I'd match the whole subnet. That way if they
meant just BB1, you'd match or if they meant the entire subnet, you'd be okay
there too.

Thanks,

Jacob Uecker
CCIE# 24481

Development Engineer
CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
Toll Free: 877-654-2243
International: +1-702-968-5100
Skype: skype:ccbootcamp?call
FAX: +1-702-446-8012

YES! We take Cisco Learning Credits!
Training And Remote Racks: http://www.ccbootcamp.com

________________________________

From: nobody_at_groupstudy.com on behalf of Nishant Aggarwal
Sent: Fri 9/4/2009 7:41 PM
To: Cisco certification
Subject: Access-list question with policy-map

Hi Group,

Connectivity is like this :

(VL10) R1 *<------> *R2 (Fa0/0 - /24) *<---*VL20*--->* (Fa0/0 - /24) BB1

VL 10 - 1.1.10.0 /24
BB1 150.1.1.254/24 /24

I am creating a policy-map and I have to match ip packets coming from VL 10
and going out to BB1. It is suggested to configure on R2 only.

When making access-list for this:

access-list 100 per ip 1.1.10.0 0.0.0.255 *150.1.1.0 0.0.0.255* (What
should be the destination?)
                                                        *or 150.1.1.254
0.0.0.0*
* or host 150.1.1.254
*

 I know 150.1.1.254 0.0.0.0 and host 150.1.1.254 are one and the same thing.

Should I match whole vlan in destination or should I go for specefically BB2
ip address of /32 ??

Thanks,
Nishant Aggarwal.

Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
Received on Sun Sep 06 2009 - 21:03:05 ART