Re: prefix and acl from Hasse on 2012-06-25 (Ccielab archives 06/2012)

From: Hasse <eriksson.hans_at_gmail.com>
Date: Mon, 25 Jun 2012 11:20:39 +0200

Thanks Narbik, I did that one late Sunday :) I am doing well in the
Advanced WB.
I am planning to finnish them before bootcamp in Burbank Julie-Aug

See you there. Looking forward to the new bootcamp.

2012/6/25 Narbik Kocharians <narbikk_at_gmail.com>:
> Hasse,
> There is a much better section for Prefix-list in the "Advanced CCIE Routing
> and Switching 4.0". That book (Soup to Nuts), is a very old book.
>
>
> On Sun, Jun 24, 2012 at 2:57 PM, Hasse <eriksson.hans_at_gmail.com> wrote:
>>
>> Thanks all,
>>
>> John I am just playing with prefix and access-lists. I was inspiried
>> by some WB I am doing.
>> I did find this exercise in Narbiks free workbook (Soup to nuts) its
>> available via Micronicstraning
>> I was week on prefix-list before but not now :)
>>
>> Then I did extend this exercises and was thinking, how far can a ACL
>> or Extended ACL take me.
>> Can I solve this with one liner ACL standard or extended. Pushing the
>> limits. I was playing around.
>>
>> Daniel and Sarad thanks.
>>
>> Topology
>>
>> R1---------------R2
>>
>> Router 2 recive following from R1 via RIP, I have filter those routes
>> with different prefix-lists,
>>
>> Ex, only permit A network that are not subnetted.
>> ip prefix-list 0.0.0.0/1 ge 8 le 8
>>
>> Ex, only permit B network that are not subnetted.
>> ip prefix-list 128.0.0.0/2 ge 16 le 16
>>
>> Ex, only permit C network that are not subnetted.
>> ip prefix-list 192.0.0.0/3 ge 24 le 24
>>
>> Ex, only permit A network that are or are not subnetted.
>> ip prefix-list 0.0.0.0/1 ge 8 le 16
>>
>> etc..
>>
>> All route received from R1 via RIP
>>
>> R2# show ip rou rip
>> R 1.0.0.0/8 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 2.0.0.0/8 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 3.0.0.0/8 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 4.0.0.0/16 is subnetted, 1 subnets
>> R 4.4.0.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 191.1.0.0/16 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 5.0.0.0/24 is subnetted, 1 subnets
>> R 5.5.5.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 6.0.0.0/26 is subnetted, 1 subnets
>> R 6.6.6.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 128.1.0.0/16 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 125.0.0.0/8 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 131.1.0.0/16 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 193.1.1.0/25 is subnetted, 1 subnets
>> R 193.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 132.1.0.0/24 is subnetted, 1 subnets
>> R 132.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 133.1.0.0/25 is subnetted, 1 subnets
>> R 133.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 194.1.1.0/26 is subnetted, 1 subnets
>> R 194.1.1.0 [120/1] via 10.1.12.1, 00:00:10, FastEthernet0/0
>>
>> //Thanks.
>>
>>
>> 2012/6/24 john matijevic <john.matijevic_at_gmail.com>:
>> > Good Afternoon,
>> >
>> > "Can I do this with an acl or extended cal, I have a Brain Freeze
>> > Thanks."
>> >
>> > What is this?
>> >
>> > Very vague, can you please be more specific and describe exactly the
>> > issue or problem that you are trying to solve?
>> >
>> > Please post network diagram and configurations.
>> >
>> >
>> > Regards,
>> > John
>> >
>> >
>> > On 6/24/12, Sarad <tosara_at_gmail.com> wrote:
>> >> Hi Hasse,
>> >>
>> >> We can use a extended access-list in BGP to replace a prefix-list, But
>> >> in
>> >> IGP it appears differently as extended accesslist represent the route
>> >> source and subnet (not subnet and subnet mask)
>> >>
>> >> Have a look at this
>> >>
>> >> http://blog.internetworkexpert.com/2008/01/04/using-extended-access-lists-in-a-distribute-list/
>> >>
>> >> Cheers
>> >> Sara
>> >>
>> >>
>> >>
>> >> On Sun, Jun 24, 2012 at 11:12 PM, <daniel.dib_at_reaper.nu> wrote:
>> >>
>> >>> Hi Hasse,
>> >>>
>> >>> You are trying to match every class C address with /24 mask right?
>> >>> This
>> >>> is
>> >>> not possible with a standard ACL. If you used extended ACL you could
>> >>> match
>> >>> mask like this.
>> >>>
>> >>> access-list 100 permit 192.0.0.0 31.255.255.255 host 255.255.255.0
>> >>>
>> >>> However I think this is only supported in BGP.
>> >>>
>> >>> /Daniel
>> >>>
>> >>>
>> >>> On Sun, 24 Jun 2012 14:02:01 +0200, Hasse wrote:
>> >>>
>> >>>> Can I do this with an acl or extended cal, I have a Brain Freeze
>> >>>> Thanks.
>> >>>>
>> >>>> R2#show run | sec rip
>> >>>> router rip
>> >>>> version 2
>> >>>> network 10.0.0.0
>> >>>> distribute-list prefix 1 in FastEthernet0/0
>> >>>> no auto-summary
>> >>>>
>> >>>> R2#show run | sec prefix-list
>> >>>> ip prefix-list 1 seq 5 permit 192.0.0.0/3 ge 24 le 24
>> >>>>
>> >>>> R2#show ip route rip
>> >>>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>> >>>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>> >>>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>> >>>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>> >>>>
>> >>>> if I am using a standard ACL
>> >>>>
>> >>>>
>> >>>> Standard ACL
>> >>>> R2#show run | sec rip
>> >>>> router rip
>> >>>> version 2
>> >>>> network 10.0.0.0
>> >>>> distribute-list 1 in FastEthernet0/0
>> >>>> no auto-summary
>> >>>>
>> >>>> R2#show run | sec access-list
>> >>>> access-list 1 permit 192.0.0.0 31.255.255.0
>> >>>>
>> >>>> R2#show ip ro rip
>> >>>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> >>>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> >>>> 193.1.1.0/25 is subnetted, 1 subnets
>> >>>> R 193.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> >>>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> >>>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> >>>> 194.1.1.0/26 is subnetted, 1 subnets
>> >>>> R 194.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> >>>>
>> >>>>
>> >>>> Blogs and organic groups at http://www.ccie.net
>> >>>>
>> >>>>
>> >>>> ______________________________**______________________________**
>> >>>> ___________
>> >>>> Subscription information may be found at:
>> >>>>
>> >>>> http://www.groupstudy.com/**list/CCIELab.html<http://www.groupstudy.com/list/CCIELab.html>
>> >>>>
>> >>>
>> >>>
>> >>> Blogs and organic groups at http://www.ccie.net
>> >>>
>> >>> ______________________________**______________________________**
>> >>> ___________
>> >>> Subscription information may be found at: http://www.groupstudy.com/**
>> >>> list/CCIELab.html <http://www.groupstudy.com/list/CCIELab.html>
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> Sr. Technical Instructor
> YES! We take Cisco Learning Credits!
> A Cisco Learning Partner

Blogs and organic groups at http://www.ccie.net
Received on Mon Jun 25 2012 - 11:20:39 ART

This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:52 ART