Cisco Support Community

New Member

extended access list

Hello

Could someone help me with an extended access list that I am trying to figure out?

I want my router to only accept various /16 prefixes and deny everything that is greater than /16.

Right now I get these networks: 192.12.0.0/16, 192.13.0.0/16, 192.12.2.0/24

/Dan

6 REPLIES
New Member

Re: extended access list

With "greater than /16" I mean /17, /18... and so on.

Hall of Fame Super Silver

Re: extended access list

Dan

I am not clear from this post what you are trying to do with an extended access list. The extended access list can be used for multiple purposes including using the extended access list to filter data packets on an interface or using the extended access list to filter routing updates.

If you are trying to filter routing updates then the feature that you want to use is prefix list and not extended access list. If you are trying to filter data packets on an interface then extended access list is what you need to use.

So perhaps you can clarify what you are trying to accomplish?

HTH

Rick

New Member

Re: extended access list

Thanks for your reply. I am trying to block routing updates.

On this page: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml

They are using this as an example when they are trying to only allow 160.0.0.0/8.

access-list 101 permit ip 160.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0

I want an access-list as above that will allow 192.12.0.0/16 and 192.13.0.0/16 but block 192.12.2.0/24 and 192.13.2.0/24.

Silver

Re: extended access list

I believe you'd be better served with a prefix list. Consider the following.

If you want any 192.x.x.x network with a subnet between 8 and 16 bits try this:

ip prefix-list tango permit 192.0.0.0/8 le 16

The command reference for 'ip prefix-list' can be found here:

http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp2.html#wp1094224



Chris

Hall of Fame Super Silver

Re: extended access list

Dan

The link that you gave is about filtering routes in BGP. In filtering BGP route updates it does work to use an extended access list. It is not clear what your environment is and whether you are running BGP and whether it is BGP updates that you want to filter.

Even if you do want to filter BGP updates it would be easier to do this with a prefix list. The extended access list was the older method of filtering BGP route updates. Prefix lists are more recent and more powerful. So I suggest that you take a good look at the example given by Chris and at the link that he provides. This would be the better way.

HTH

Rick
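Added example (not part of the original thread, and not Cisco code): a small Python model of the two matching rules discussed above, the prefix-list entry Chris posted and the extended-ACL route-filter form from the linked tech note, run over the three routes Dan listed. The helper names and the ACL entry for 192.12/192.13 are constructed for illustration; anything not matched is treated as denied.

```python
import ipaddress

ROUTES = ["192.12.0.0/16", "192.13.0.0/16", "192.12.2.0/24"]  # routes from the question

def prefix_list_match(route, entry, ge=None, le=None):
    """One 'ip prefix-list' permit entry: route lies inside `entry` and its
    length is within [ge, le]; with neither keyword the length must be exact."""
    r, e = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if not r.subnet_of(e):
        return False
    if ge is None and le is None:
        return r.prefixlen == e.prefixlen
    low = ge if ge is not None else e.prefixlen
    high = le if le is not None else 32
    return low <= r.prefixlen <= high

def _wildcard_match(value, pattern, wildcard):
    """ACL wildcard compare: bits set in the wildcard are 'don't care'."""
    v, p, w = (int(ipaddress.ip_address(x)) for x in (value, pattern, wildcard))
    care = ~w & 0xFFFFFFFF
    return (v & care) == (p & care)

def ext_acl_match(route, net, net_wild, mask, mask_wild):
    """Extended ACL used as a BGP route filter: the source pair matches the
    network number and the destination pair matches the netmask."""
    r = ipaddress.ip_network(route)
    return (_wildcard_match(str(r.network_address), net, net_wild)
            and _wildcard_match(str(r.netmask), mask, mask_wild))

def permitted_by_prefix_list(routes):
    # From the thread: ip prefix-list tango permit 192.0.0.0/8 le 16
    return [r for r in routes if prefix_list_match(r, "192.0.0.0/8", le=16)]

def permitted_by_acl(routes):
    # Constructed entry (assumption, not from the thread):
    # access-list 101 permit ip 192.12.0.0 0.1.255.255 255.255.0.0 0.0.0.0
    return [r for r in routes
            if ext_acl_match(r, "192.12.0.0", "0.1.255.255", "255.255.0.0", "0.0.0.0")]

if __name__ == "__main__":
    print("prefix-list permits:", permitted_by_prefix_list(ROUTES))
    print("ext ACL permits:   ", permitted_by_acl(ROUTES))
```

Both filters drop 192.12.2.0/24. The prefix-list entry as posted is broader, though: it also permits any other 192.x route of length /8 through /16, such as 192.168.0.0/16, which the constructed ACL entry rejects.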

New Member

Re: extended access list

Hello

Thanks for all the help. Thanks for the tip about prefix lists; that was exactly what I needed.

But I also wonder if it is possible to do the same (block BGP updates) with community filtering, so I can block some updates from some communities?
