04-05-2007 12:44 PM - edited 03-05-2019 03:20 PM
Hi,
I am having difficulty understanding the following.
Please consider the configuration as under:
routerA(config)# access-list 1 deny 198.198.198.0 0.0.0.255
routerA(config)# access-list 1 permit any
routerA(config-router)# neighbor 1.1.1.1 remote-as 20
routerA(config-router)# neighbor 1.1.1.1 distribute-list 1 out
------------------------------------------------
The above configuration will cause router A not to send any update about 198.198.198.0 to neighbor 1.1.1.1.
So the network number specified in access-list 1 will be checked against the network being advertised in the update. In case of a match, the specified action, deny or permit, will be carried out.
Correct me please if I am wrong.
Second scenario:
routerA(config)# access-list 102 deny ip 198.198.198.0 0.0.0.255 168.168.168.0 0.0.0.255
routerA(config-router)# neighbor 1.1.1.1 distribute-list 102 out
Now which network number is being checked against the network number in the update? Is it 198.198.198.0 or 168.168.168.0?
Thanks
04-24-2007 08:56 AM
Hi,
Afaik the behaviour is different. Remember this ACL describes routing updates and not IP packets crossing an interface. As such a routing update consists of a network and a mask. The first section in the ACL describes the network and the second section the mask portion of a routing update. The ACL 102 describes thus networks within 198.198.198.0 0.0.0.255 and the mask is in the range from 168.168.168.0 to 168.168.168.255 - which obviously does not make any sense in a normal routing environment.
So a working example would be
routerA(config)# access-list 102 deny ip 198.198.198.0 0.0.0.255 host 255.255.255.255
routerA(config)# access-list 102 permit ip any any
This would not announce any host route (/32) in the range from 198.198.198.0 to 198.198.198.255 but everything else.
Hope this helps! Please rate all posts.
Regards, Martin
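The matching rule described in the reply above, as an added Python sketch (not part of the original thread and not Cisco code): the first address/wildcard pair of an extended ACL entry is compared with the route's network, the second pair with its subnet mask. The function names and the sample routes are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(value, base, wildcard):
    # Bits set in the wildcard are "don't care"; all other bits must equal base.
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (base & care)

def evaluate(acl, prefix):
    """Return (action, matched_line_index) for a route such as '198.198.198.5/32'.

    Each entry is (action, net, net_wildcard, mask, mask_wildcard).
    matched_line_index is None when only the implicit deny applied.
    """
    route = ipaddress.IPv4Network(prefix)
    net, mask = int(route.network_address), int(route.netmask)
    for i, (action, a_net, a_nw, a_mask, a_mw) in enumerate(acl):
        if wild_match(net, ip(a_net), ip(a_nw)) and wild_match(mask, ip(a_mask), ip(a_mw)):
            return action, i
    return "deny", None  # implicit deny at the end of every access list

ANY = ("0.0.0.0", "255.255.255.255")

# ACL 102 as posted in the question: mask field must look like 168.168.168.x
ACL_QUESTION = [
    ("deny", "198.198.198.0", "0.0.0.255", "168.168.168.0", "0.0.0.255"),
]

# ACL 102 from the reply: "host 255.255.255.255" = mask 255.255.255.255, wildcard 0.0.0.0
ACL_REPLY = [
    ("deny", "198.198.198.0", "0.0.0.255", "255.255.255.255", "0.0.0.0"),
    ("permit", *ANY, *ANY),
]

if __name__ == "__main__":
    # Constructed sample routes
    for route in ("198.198.198.0/24", "198.198.198.5/32", "10.0.0.0/8"):
        print(route, "question:", evaluate(ACL_QUESTION, route),
              "reply:", evaluate(ACL_REPLY, route))
```

With the question's ACL the explicit deny line never matches a real route, so every route falls through to the implicit deny; with the reply's ACL only the /32 routes inside 198.198.198.0 to 198.198.198.255 are filtered.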
04-11-2007 10:19 AM
Your first part of understanding is right. In the second part, if the source is 198.198.198.0 and the destination is the 168.168.168.0 network, it will not be sent out.
05-10-2007 08:07 AM
Thanks Martin for your help. I got it now.