I am having difficulty understanding the following:
Please consider the configuration as under:
routerA(config)# access-list 1 deny 126.96.36.199 0.0.0.255
routerA(config)# access-list 1 permit any
routerA(config-router)# neighbor 188.8.131.52 remote-as 20
routerA(config-router)# neighbor 184.108.40.206 distribute-list 1 out
The above configuration will cause router A not to send any update about 220.127.116.11 to neighbor 18.104.22.168.
So the network number specified in access-list 1 will be checked against the network being advertised in the update. In case of a match, the specified action, deny or permit, will be carried out.
Correct me please if I am wrong.
routerA(config)# access-list 102 deny ip 22.214.171.124 0.0.0.255 126.96.36.199 0.0.0.255
routerA(config-router)# neighbor 188.8.131.52 distribute-list 102 out
Now which network number is being checked against the network number in the update? Is it 184.108.40.206 or 220.127.116.11?
AFAIK the behaviour is different. Remember this ACL describes routing updates and not IP packets crossing an interface. As such, a routing update consists of a network and a mask. The first section in the ACL describes the network and the second section the mask portion of a routing update. ACL 102 thus describes networks within 18.104.22.168 0.0.0.255 and the mask is in the range from 22.214.171.124 to 126.96.36.199, which obviously does not make any sense in a normal routing environment.
So a working example would be:
routerA(config)# access-list 102 deny ip 188.8.131.52 0.0.0.255 host 255.255.255.255
routerA(config)# access-list 102 permit ip any any
This would not announce any host route (/32) in the range from 184.108.40.206 to 220.127.116.11 but everything else.
Hope this helps! Please rate all posts.
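The matching rule described in the answer above, modelled in Python as an added example (not code from either poster): the first address/wildcard pair of an extended ACL entry is compared with the route's network, the second pair with its mask. The 10.x addresses are constructed stand-ins for the thread's addresses, and the function names are hypothetical.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(value, base, wildcard):
    """True when value equals base on every bit the wildcard leaves as 'care'."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(value) & care) == (_ip(base) & care)

def entry_matches(entry, network, mask):
    """entry = (action, net, net_wildcard, mask, mask_wildcard).

    In a BGP distribute-list the 'source' pair is checked against the route's
    network and the 'destination' pair against the route's mask.
    """
    _, net, net_wc, msk, msk_wc = entry
    return wildcard_match(network, net, net_wc) and wildcard_match(mask, msk, msk_wc)

def acl_action(acl, network, mask):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for entry in acl:
        if entry_matches(entry, network, mask):
            return entry[0]
    return "deny"

def filter_updates(acl, routes):
    """Return the (network, mask) routes that would still be advertised."""
    return [(n, m) for n, m in routes if acl_action(acl, n, m) == "permit"]

ANY = ("0.0.0.0", "255.255.255.255")

# Constructed equivalent of the question's entry: the second pair is another
# network, so it would have to match a netmask of 10.2.2.x, which never occurs.
QUESTION_ENTRY = ("deny", "10.1.1.0", "0.0.0.255", "10.2.2.0", "0.0.0.255")

# Constructed equivalent of the working ACL 102 from the answer.
WORKING_ACL = [
    ("deny", "10.1.1.0", "0.0.0.255", "255.255.255.255", "0.0.0.0"),  # host 255.255.255.255
    ("permit", *ANY, *ANY),                                           # permit ip any any
]

# Constructed sample routes as (network, mask).
ROUTES = [
    ("10.1.1.5", "255.255.255.255"),  # /32 inside 10.1.1.0/24: filtered
    ("10.1.1.0", "255.255.255.0"),    # the /24 itself: advertised
    ("10.2.0.0", "255.255.0.0"),      # unrelated /16: advertised
]

if __name__ == "__main__":
    print(filter_updates(WORKING_ACL, ROUTES))
```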