Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5072
Views
0
Helpful
4
Replies

access-list for bgp

Go to solution
annayuzhao
Level 1
Level 1

‎02-25-2004 07:44 PM - edited ‎03-02-2019 01:51 PM

the following is the configration from tcp/ip volume II

router bgp 100

aggregate-address 192.168.192.0 255.255.248.0

redistribute eigrp 100

neighbor 192.168.1.253 remote-as 200

neighbor 192.168.1.253 send-community

neighbor 192.168.1.253 route-map yu out

access-list 101 permit ip host 192.168.192.0 host 255.255.248.0

route-map yu permit 10

match ip address 101

set community none

route-map yu permit 20

set community no-export

Can anyone explain this statment "access-list 101 permit ip host 192.168.192.0 host 255.255.248.0"

thank you!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to leowchongwei

‎02-26-2004 04:01 AM

The host keyword in this context indicates that all bit have to match. Bear in mind that this ACL has for purpose to filter routes not traffic. In this context, the first pair of refers to the prefix that you want to filter. The second pair refers to the subnet mask.

access-list 101 permit ip host 192.168.192.0 host 255.255.248.0

is equivalent to

access-list 101 permit ip 192.168.192.0 0.0.0.0.0 255.255.248.0 0.0.0.0.0

so the only prefix that will match the ACL is 192.168.192.0/21

192.168.192.0/24 would not match even though the prefix matches since the prefix lenght doesn't.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎02-25-2004 08:04 PM

The behavior of an ACL entry is a bit different in a route-map context. This ACL entry that you use in your configuration will match if the prefix is exactly 192.168.192.0 and the mask is exactly 255.255.248.0.

Any other combinaison would not match.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
leowchongwei
Level 1
Level 1
In response to Harold Ritter

‎02-26-2004 03:36 AM

Hi hritter,

meaning to say hosts in the segment 192.168.193.0 will not be matched?

0 Helpful

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to leowchongwei

‎02-26-2004 04:01 AM

The host keyword in this context indicates that all bit have to match. Bear in mind that this ACL has for purpose to filter routes not traffic. In this context, the first pair of refers to the prefix that you want to filter. The second pair refers to the subnet mask.

access-list 101 permit ip host 192.168.192.0 host 255.255.248.0

is equivalent to

access-list 101 permit ip 192.168.192.0 0.0.0.0.0 255.255.248.0 0.0.0.0.0

so the only prefix that will match the ACL is 192.168.192.0/21

192.168.192.0/24 would not match even though the prefix matches since the prefix lenght doesn't.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
libincisco
Level 1
Level 1

‎02-26-2004 10:00 PM

it is the same as the prefix-list command

ip prefix-list a permit 192.168.192.0/21

0 Helpful
Customers Also Viewed These Support Documents