Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to send specific routing update?

Sam Halabi said:

The preceding access list will permit 172.16.0.0/16, 172.16.0.0/17, 172.16.0.0/18, 172.16.1.0/24, and so on.

To restrict the update to 172.16.0.0/16 only, you have to use an extended access list of this

form:

access-list access-list-number {deny | permit} protocol source sourcewildcard

destination destination-wildcard | mask mask-wildcard

This defines an extended access list that matches on a source destination or a source mask

tuple to permit or deny a specific routing update. The access list number falls between 100

and 199. In the case where the protocol is IP and you are checking on a source/mask tuple,

this would translate into the following:

access-list access-list-number permit ip network-number network-do-notcare-

bits mask mask-do-not-care-bits

For example:

access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0

A 0 is an exact match bit, and a 1 is a do-not-care bit.

The preceding extended access list indicates that aggregate 172.16.0.0/16 is to be sent only

because you have indicated that the mask should match 255.255.0.0 exactly. An update of the

form 172.16.0.0/17 will not be allowed.

You could also accomplish this a couple of other ways. For example:

access-list 101 permit ip host 172.16.0.0 host 255.255.0.0

Or you could use a prefix list:

ip prefix-list 1 seq 5 permit 172.16.0.0/16

I test it on my 2600.And extend access-list is fail.Prefix-list is success.

For extend access-list,I don't understand what's mean of 255.255.0.0 0.0.0.0(destinaton)?

If I want to send 10.0.0.0/8,do I need code 255.0.0.0 0.0.0.0 or 255.255.0.0 0.0.0.0?

1 REPLY

Re: How to send specific routing update?

Yes, for 172.16.0.0/16 the extended acl should look like,

access-list 100 permit ip 172.16.0.0 0.0.0.0 255.255.0.0 0.0.0.0

and for 10.0.0.0/8, it should be recoded as 255.0.0.0 0.0.0.0

74
Views
0
Helpful
1
Replies
CreatePlease login to create content