Re: prefix and acl from Marko Milivojevic on 2012-06-24 (Ccielab archives 06/2012)

From: Marko Milivojevic <markom_at_ipexpert.com>
Date: Sun, 24 Jun 2012 19:41:36 -0400

He's asking can he filter a specific prefix using an extended access
list, instead of using a prefix list. He gives an example where he
tried with a prefix-list and the example where he tried an acl, with
obviously different results. Someone very quickly pointed out the
difference, with the link to the Cisco's and INE's blog describing the
particular use-case. Case closed, moving on. Don't overthink the
questions.

--
Marko Milivojevic - CCIE #18427 (SP R&S)
Senior CCIE Instructor - IPexpert
On Sun, Jun 24, 2012 at 3:29 PM, john matijevic
<john.matijevic_at_gmail.com> wrote:
> Good Afternoon Marko,
>
> Please enlighten us.
>
> Here is the question:
>
> Can I do this with an acl or extended cal,
>
>
> Please clarify what this is? I don't understand what he is asking?
>
> Regards,
> John
> On 6/24/12, Marko Milivojevic <markom_at_ipexpert.com> wrote:
>> He did post the config snippets. I think the question was very clear.
>> So were the answers :-)
>>
>> --
>> Marko Milivojevic - CCIE #18427 (SP R&S)
>> Senior CCIE Instructor - IPexpert
>>
>> On Sun, Jun 24, 2012 at 12:27 PM, john matijevic
>> <john.matijevic_at_gmail.com> wrote:
>>> Good Afternoon,
>>>
>>> "Can I do this with an acl or extended cal, I have a Brain Freeze
>>> Thanks."
>>>
>>> What is this?
>>>
>>> Very vague, can you please be more specific and describe exactly the
>>> issue or problem that you are trying to solve?
>>>
>>> Please post network diagram and configurations.
>>>
>>>
>>> Regards,
>>> John
>>>
>>>
>>> On 6/24/12, Sarad <tosara_at_gmail.com> wrote:
>>>> Hi Hasse,
>>>>
>>>> We can use a extended access-list in BGP to replace a prefix-list, But
>>>> in
>>>> IGP it appears differently as extended accesslist represent the route
>>>> source and subnet (not subnet and subnet mask)
>>>>
>>>> Have a look at this
>>>> http://blog.internetworkexpert.com/2008/01/04/using-extended-access-lists-in-a-distribute-list/
>>>>
>>>> Cheers
>>>> Sara
>>>>
>>>>
>>>>
>>>> On Sun, Jun 24, 2012 at 11:12 PM, <daniel.dib_at_reaper.nu> wrote:
>>>>
>>>>> Hi Hasse,
>>>>>
>>>>> You are trying to match every class C address with /24 mask right? This
>>>>> is
>>>>> not possible with a standard ACL. If you used extended ACL you could
>>>>> match
>>>>> mask like this.
>>>>>
>>>>> access-list 100 permit 192.0.0.0 31.255.255.255 host 255.255.255.0
>>>>>
>>>>> However I think this is only supported in BGP.
>>>>>
>>>>> /Daniel
>>>>>
>>>>>
>>>>> On Sun, 24 Jun 2012 14:02:01 +0200, Hasse wrote:
>>>>>
>>>>>> Can I do this with an acl or extended cal, I have a Brain Freeze
>>>>>> Thanks.
>>>>>>
>>>>>> R2#show run | sec rip
>>>>>> router rip
>>>>>> B version 2
>>>>>> B network 10.0.0.0
>>>>>> B distribute-list prefix 1 in FastEthernet0/0
>>>>>> B no auto-summary
>>>>>>
>>>>>> R2#show run | sec prefix-list
>>>>>> ip prefix-list 1 seq 5 permit 192.0.0.0/3 ge 24 le 24
>>>>>>
>>>>>> R2#show ip route rip
>>>>>> R B  B 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>>>>>> R B  B 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>>>>>> R B  B 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>>>>>> R B  B 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>>>>>>
>>>>>> if I am using a standard ACL
>>>>>>
>>>>>>
>>>>>> Standard ACL
>>>>>> R2#show run | sec rip
>>>>>> router rip
>>>>>> B version 2
>>>>>> B network 10.0.0.0
>>>>>> B distribute-list 1 in FastEthernet0/0
>>>>>> B no auto-summary
>>>>>>
>>>>>> R2#show run | sec access-list
>>>>>> access-list 1 permit 192.0.0.0 31.255.255.0
>>>>>>
>>>>>> R2#show ip ro rip
>>>>>> R B  B 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>>>>>> R B  B 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>>>>>> B  B  193.1.1.0/25 is subnetted, 1 subnets
>>>>>> R B  B  B  193.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>>>>>> R B  B 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>>>>>> R B  B 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>>>>>> B  B  194.1.1.0/26 is subnetted, 1 subnets
>>>>>> R B  B  B  194.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>>>>>>
>>>>>>
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>>
>>>>>> ______________________________**______________________________**
>>>>>> ___________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/**list/CCIELab.html<http://www.groupstudy.com/list/CCIELab.html>
>>>>>>
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> ______________________________**______________________________**
>>>>> ___________
>>>>> Subscription information may be found at: http://www.groupstudy.com/**
>>>>> list/CCIELab.html <http://www.groupstudy.com/list/CCIELab.html>
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Sun Jun 24 2012 - 19:41:36 ART

This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:52 ART