Re: [OSL | CCIE_RS] BGP Distribute list

Fri, 15 Feb 2008 10:24:40 -0800 

With bgp, an extended access list can be used.  Normally, an extended ACL
matches source and destination.  In this special usage, however, after
source and source wildcard bits, comes subnet mask and subnet mask wildcard
bits.

 

Access-list 101 permit ip 160.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0 

only allows with a subnet mask of /8.

 

Access-list 101 permit ip 160.0.0.0 0.255.255.255 255.128.0.0 0.0.0.0

Would only allow with a subnet mask of /9

 

You can also get into mask bits and allow a range of subnet masks.

 

This has been around for quite a while.  Prefix lists tend to be a more
common way to match both network and mask length.

 

Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
A Cisco Learning Partner - We Accept Learning Credits!
Telephone: +1.810.326.1444
Fax: +1.810.454.0130

Mailto: [EMAIL PROTECTED]

 

IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand
and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab
Certifications.

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kambiz Agahian
Sent: Thursday, February 14, 2008 4:17 PM
To: [email protected]
Subject: [OSL | CCIE_RS] BGP Distribute list

 

 

 

Hi Scott,
Could you please shed some light on this issue?
I'm just trying to figure out some details of the following example. It's
from Cisco web site at
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm :


############################################

Using access lists to filter supernets is a bit trickier. Assume, for
example, that Router B in has different subnets of 160.10.x.x, and you want
to advertise 160.0.0.0/8 only. The following access list would permit
160.0.0.0/8, 160.0.0.0/9, and so on: 

access-list 1 permit 160.0.0.0 0.255.255.255
 

To restrict the update to 160.0.0.0/8 only, you have to use an extended
access list, such as the following: 

access-list 101 permit ip 160.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0





###################################################





Would you please explain what they exactly mean by this solution (bold
lines)? 


It's not very clear to me especially when it comes to the last ACL (101).


Thanks for any hint.

Cheers,
Kambiz

Reply via email to