Re: prefix and acl

From: Narbik Kocharians <narbikk_at_gmail.com>
Date: Sun, 24 Jun 2012 18:50:07 -0700

Hasse,
There is a much better section for Prefix-list in the "Advanced CCIE
Routing and Switching 4.0". That book (Soup to Nuts) is a very old book.

On Sun, Jun 24, 2012 at 2:57 PM, Hasse <eriksson.hans_at_gmail.com> wrote:

> Thanks all,
>
> John, I am just playing with prefix and access-lists. I was inspired
> by some WB I am doing.
> I did find this exercise in Narbik's free workbook (Soup to Nuts); it's
> available via Micronicstraining.
> I was weak on prefix-list before but not now :)
>
> Then I did extend this exercise and was thinking, how far can an ACL
> or Extended ACL take me.
> Can I solve this with a one-liner ACL, standard or extended? Pushing the
> limits. I was playing around.
>
> Daniel and Sarad thanks.
>
> Topology
>
> R1---------------R2
>
> Router 2 receives the following from R1 via RIP. I have filtered those routes
> with different prefix-lists,
>
> Ex, only permit A networks that are not subnetted.
> ip prefix-list 0.0.0.0/1 ge 8 le 8
>
> Ex, only permit B networks that are not subnetted.
> ip prefix-list 128.0.0.0/2 ge 16 le 16
>
> Ex, only permit C networks that are not subnetted.
> ip prefix-list 192.0.0.0/3 ge 24 le 24
>
> Ex, only permit A networks that are or are not subnetted.
> ip prefix-list 0.0.0.0/1 ge 8 le 16
>
> etc..
>
> All routes received from R1 via RIP
>
> R2# show ip rou rip
> R 1.0.0.0/8 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 2.0.0.0/8 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 3.0.0.0/8 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> 4.0.0.0/16 is subnetted, 1 subnets
> R 4.4.0.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 191.1.0.0/16 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> 5.0.0.0/24 is subnetted, 1 subnets
> R 5.5.5.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> 6.0.0.0/26 is subnetted, 1 subnets
> R 6.6.6.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 128.1.0.0/16 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 125.0.0.0/8 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 131.1.0.0/16 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> 193.1.1.0/25 is subnetted, 1 subnets
> R 193.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> 132.1.0.0/24 is subnetted, 1 subnets
> R 132.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> 133.1.0.0/25 is subnetted, 1 subnets
> R 133.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> 194.1.1.0/26 is subnetted, 1 subnets
> R 194.1.1.0 [120/1] via 10.1.12.1, 00:00:10, FastEthernet0/0
>
> //Thanks.
>
>
> 2012/6/24 john matijevic <john.matijevic_at_gmail.com>:
> > Good Afternoon,
> >
> > "Can I do this with an acl or extended acl, I have a Brain Freeze
> > Thanks."
> >
> > What is this?
> >
> > Very vague, can you please be more specific and describe exactly the
> > issue or problem that you are trying to solve?
> >
> > Please post network diagram and configurations.
> >
> >
> > Regards,
> > John
> >
> >
> > On 6/24/12, Sarad <tosara_at_gmail.com> wrote:
> >> Hi Hasse,
> >>
> >> We can use an extended access-list in BGP to replace a prefix-list, but in
> >> IGP it appears differently, as an extended access-list represents the route
> >> source and subnet (not subnet and subnet mask).
> >>
> >> Have a look at this:
> >>
> >> http://blog.internetworkexpert.com/2008/01/04/using-extended-access-lists-in-a-distribute-list/
> >>
> >> Cheers
> >> Sara
> >>
> >>
> >>
> >> On Sun, Jun 24, 2012 at 11:12 PM, <daniel.dib_at_reaper.nu> wrote:
> >>
> >>> Hi Hasse,
> >>>
> >>> You are trying to match every class C address with /24 mask right? This is
> >>> not possible with a standard ACL. If you used extended ACL you could match
> >>> mask like this.
> >>>
> >>> access-list 100 permit ip 192.0.0.0 31.255.255.255 host 255.255.255.0
> >>>
> >>> However I think this is only supported in BGP.
> >>>
> >>> /Daniel
> >>>
> >>>
> >>> On Sun, 24 Jun 2012 14:02:01 +0200, Hasse wrote:
> >>>
> >>>> Can I do this with an acl or extended acl, I have a Brain Freeze
> >>>> Thanks.
> >>>>
> >>>> R2#show run | sec rip
> >>>> router rip
> >>>> version 2
> >>>> network 10.0.0.0
> >>>> distribute-list prefix 1 in FastEthernet0/0
> >>>> no auto-summary
> >>>>
> >>>> R2#show run | sec prefix-list
> >>>> ip prefix-list 1 seq 5 permit 192.0.0.0/3 ge 24 le 24
> >>>>
> >>>> R2#show ip route rip
> >>>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
> >>>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
> >>>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
> >>>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
> >>>>
> >>>> if I am using a standard ACL
> >>>>
> >>>>
> >>>> Standard ACL
> >>>> R2#show run | sec rip
> >>>> router rip
> >>>> version 2
> >>>> network 10.0.0.0
> >>>> distribute-list 1 in FastEthernet0/0
> >>>> no auto-summary
> >>>>
> >>>> R2#show run | sec access-list
> >>>> access-list 1 permit 192.0.0.0 31.255.255.0
> >>>>
> >>>> R2#show ip ro rip
> >>>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> >>>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> >>>> 193.1.1.0/25 is subnetted, 1 subnets
> >>>> R 193.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> >>>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> >>>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> >>>> 194.1.1.0/26 is subnetted, 1 subnets
> >>>> R 194.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
> >>>>
> >>>>
> >>>> Blogs and organic groups at http://www.ccie.net
> >>>>
> >>>>
> >>>> _______________________________________________________________________
> >>>> Subscription information may be found at:
> >>>> http://www.groupstudy.com/list/CCIELab.html

-- 
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com <http://www.micronicstraining.com/>
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
A Cisco Learning Partner
Received on Sun Jun 24 2012 - 18:50:07 ART

This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:52 ART
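
The following is an added example, not part of any message in the thread: a small Python model of the three filters discussed above, run over the RIP routes Hasse posted, showing why the standard ACL admits 193.1.1.0/25 and 194.1.1.0/26 while the prefix-list does not. The function names are hypothetical, and the extended ACL is modelled under the assumption Daniel describes (source pair compared with the network, destination pair compared with the mask).

```python
import ipaddress

# Routes R2 learns from R1, copied from the "show ip route rip" output in the thread.
ROUTES = [
    "1.0.0.0/8", "2.0.0.0/8", "3.0.0.0/8", "223.1.1.0/24", "4.4.0.0/16",
    "191.1.0.0/16", "5.5.5.0/24", "200.1.1.0/24", "6.6.6.0/26", "128.1.0.0/16",
    "125.0.0.0/8", "131.1.0.0/16", "193.1.1.0/25", "132.1.1.0/24",
    "192.1.1.0/24", "133.1.1.0/25", "195.1.1.0/24", "194.1.1.0/26",
]

def wildcard_match(value, base, wildcard):
    """ACL comparison: bits set in the wildcard are ignored, the rest must be equal."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(value) & care) == (int(ipaddress.IPv4Address(base)) & care)

def prefix_list_permits(route, entry, ge, le):
    """ip prefix-list <name> permit <entry> ge <ge> le <le>"""
    net, ent = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    # The leading bits must fall inside the entry AND the length must be in ge..le.
    return net.network_address in ent and ge <= net.prefixlen <= le

def standard_acl_permits(route, base, wildcard):
    """access-list <n> permit <base> <wildcard>: only the network address is compared."""
    return wildcard_match(ipaddress.ip_network(route).network_address, base, wildcard)

def extended_acl_permits(route, src, src_wc, dst, dst_wc):
    """Assumed BGP-style reading: source pair = network, destination pair = mask."""
    net = ipaddress.ip_network(route)
    return (wildcard_match(net.network_address, src, src_wc)
            and wildcard_match(net.netmask, dst, dst_wc))

def run(predicate):
    return [r for r in ROUTES if predicate(r)]

PREFIX = run(lambda r: prefix_list_permits(r, "192.0.0.0/3", 24, 24))
STANDARD = run(lambda r: standard_acl_permits(r, "192.0.0.0", "31.255.255.0"))
EXTENDED = run(lambda r: extended_acl_permits(
    r, "192.0.0.0", "31.255.255.255", "255.255.255.0", "0.0.0.0"))
# Routes the standard ACL lets through that the prefix-list rejects.
LEAKED = [r for r in STANDARD if r not in PREFIX]

if __name__ == "__main__":
    for name, routes in [("prefix-list", PREFIX), ("standard ACL", STANDARD),
                         ("extended ACL", EXTENDED), ("leaked", LEAKED)]:
        print(f"{name:13} {routes}")
```

The wildcard 31.255.255.0 can only force the last octet of the network address to zero; it never sees the mask, so any longer prefix whose network address ends in .0 is accepted as well.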