RE: access-list usage

Rakesh,

The correct ACL should be:

Access-list 10 permit 49.1.0.1 0.0.3.0 <- this allows exactly 4 hosts
Access-list 10 permit 49.1.0.0 0.0.3.255 <- exactly 1024 hosts :)

Access-list 101 isn't a standard ACL, so it won't write with a source only.

The same applies for redistribution here, a lot of workbooks will show you 0.0.3.255 if you wanted to redistribute 49.1.[0-3].0/24. The problem with writing it that way is it allows for 49.1.0.64/26 and other non zero ending networks.

Most likely your freedom of creativity in the lab will be limited by the requirements.

HTH

-ryan

> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> rakesh m
> Sent: Sunday, November 22, 2009 12:06 PM
> To: ccielab_at_groupstudy.com
> Subject: Re: access-list usage
>
> correction the
>
>
> access-list 101 permit 49.1.0.0 0.0.3.255
>
> On 11/22/09, rakesh m <raaki.88_at_gmail.com> wrote:
> > hello group i have a doubt regarding the usage of access-list
> >
> > i have 4 loopbacks
> >
> > 49.1.0.1
> >
> > 49.1.1.1
> >
> > 49.1.2.1
> >
> > 49.1.3.1
> >
> >
> > now the task requires the redistribution of these networks
> >
> > the solution provided is something like this
> >
> > creation of access-list goes like this
> >
> > access-list 101 permit 55.1.0.0 0.0.3.255
> >
> > but is this prefect ?
> >
> > like cant we do it like this
> >
> > access-list 101 permit ip host 49.1.0.1 any
> > access-list 101 permit ip host 49.1.1.1 any
> > access-list 101 permit ip host 49.1.2.1 any
> > access-list 101 permit ip host 49.1.3.1 any
> >
> > route-map Ospf_Redist permit
> > match ip addr 101
> >
> > if asked in lab should i go for the first approach or the next one ?

Blogs and organic groups at http://www.ccie.net
Received on Sun Nov 22 2009 - 12:53:46 ART