ACL

Answered Question
Jun 9th, 2008

Hi All,

Can anyone help me to understand the below access-list

access-list zzz permit ip host yy.xx.224.0 host 255.255.252.0

Thanks

Regards

Anantha Subramanian Natarajan

I have this problem too.
0 votes
Correct Answer by Richard Burts about 8 years 7 months ago

Anantha also posted this question in the LAN Switching and Routing forum where there was an interesting discussion and a demonstration that this is an absolutely valid extended access list when used in a distribute list in BGP.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc0d8ea

HTH

Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Paolo Bevilacqua Mon, 06/09/2008 - 07:58

Hi, there is a very strong possibility that the person that entered this command didn't had a clue about what he/she was doing, as it doesn't seems to have any practical applications.

Sometime people with a territorial attitude intentionally enter obscure and unnecessary commands, in order to retain authority in the workplace. This may or may not be the case here.

anasubra_2 Mon, 06/09/2008 - 08:01

Hi bevilacqua,

Thanks for the clarification.

Regards

Anantha Subramanian Natarajan

Correct Answer
Richard Burts Mon, 06/09/2008 - 09:49

Anantha also posted this question in the LAN Switching and Routing forum where there was an interesting discussion and a demonstration that this is an absolutely valid extended access list when used in a distribute list in BGP.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc0d8ea

HTH

Rick

Paolo Bevilacqua Mon, 06/09/2008 - 09:57

Rick, of course you are correct.

I had forgot about the old technique where source matches prefix and destination matches prefix-length, that predates the current prefix-list.

A more complete config snippet would have prevented the confusion for which I apologize.

Richard Burts Mon, 06/09/2008 - 10:06

Paolo

Absolutely right !

The first thing that I said in my response in the other forum was to ask about the context of using the access list. If it had been mentioned that it was a BGP distribute list then there would have been no confusion.

HTH

Rick

anasubra_2 Mon, 06/09/2008 - 10:20

Hi All,

Sorry,didn't explained it better ....Once again thanks for all your help

Regards

Anantha Subramanian Natarajan

Actions

This Discussion