Cisco Support Community

Network Mask as destination in route-filter ACL?

Recently I found this kind of access list on my company's device:

Switch>sh ip access-l 101

Extended IP access list 101

10 permit ip host 10.192.96.0 host 255.255.255.0 (1 match)

20 permit ip host 10.192.98.0 host 255.255.255.0 (1 match)

30 permit ip host 10.192.99.0 host 255.255.255.0 (1 match)

30 permit ip host 10.192.96.7 host 255.255.255.255 (1 match)

40 permit ip host 192.168.9.0 host 255.255.255.0

50 permit ip host 172.16.11.128 host 255.255.255.240 (1 match)

And this access list is used for route filtering.

Switch#sh run | b router eig

router eigrp 69

redistribute static route-map STATIC-TO-EIGRP

passive-interface default

no passive-interface Vlan104

no passive-interface Vlan106

network 10.192.0.0 0.0.255.255

network 192.168.168.0

no auto-summary

eigrp router-id 10.192.96.1

<Omitted>

Switch#sh route-map STATIC-TO-EIGRP

route-map STATIC-TO-EIGRP, permit, sequence 10

Match clauses:

ip address (access-lists): 101

Set clauses:

Policy routing matches: 0 packets, 0 bytes

route-map STATIC-TO-EIGRP, deny, sequence 20

Match clauses:

Set clauses:

Policy routing matches: 0 packets, 0 bytes

!

From the "show ip route" command output, it looks like this access list is functioning as the following standard access list:

10 permit 10.192.96.0 0.0.0.255

20 permit 10.192.98.0 0.0.0.255

30 permit 10.192.99.0 0.0.0.255

30 permit host 10.192.96.7

40 permit 192.168.9.0 0.0.0.255

50 permit 172.16.11.128 0.0.0.15

Can anybody advise me:

1) How does access list 101 function?

2) What are the pros and cons of using this method instead of a standard access list or prefix list to filter routes?

Thanks!

1 REPLY

Re: Network Mask as destination in route-filter ACL?

Hi,

The above access list is not only matching the network but also the mask associated with a prefix. So the above ACL would allow advertisement of a network if both the network and prefix length match.

If you have both 10.192.98.0/24 and 10.192.98.0/28, this would advertise only the /24 and not the /28, but the ACL would advertise both.

In the case of using the prefix list, it's just the flexibility it gives us in using the same.

Hope it helps

regards

vanesh k
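
The matching described in this thread, modeled in Python as an added example (not part of the original posts and not Cisco code): the extended ACL compares its source field with a route's network address and its destination field with the route's netmask, while the standard ACL compares the network address only. The ACL entries come from the question; the function names and the candidate routes are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(value, base, wildcard):
    # IOS wildcard mask: bits set to 1 are "don't care"
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(value) & care) == (ip(base) & care)

def extended_permits(route, acl):
    # Extended ACL as a route filter: source field vs. network address,
    # destination field vs. netmask. No matching entry means deny.
    net = ipaddress.IPv4Network(route)
    return any(
        wild_match(str(net.network_address), src, src_wc)
        and wild_match(str(net.netmask), dst, dst_wc)
        for src, src_wc, dst, dst_wc in acl
    )

def standard_permits(route, acl):
    # Standard ACL as a route filter: only the network address is compared.
    net = ipaddress.IPv4Network(route)
    return any(wild_match(str(net.network_address), b, wc) for b, wc in acl)

# Access list 101 from the question; "host A" is A with wildcard 0.0.0.0
ACL_101 = [
    ("10.192.96.0", "0.0.0.0", "255.255.255.0", "0.0.0.0"),
    ("10.192.98.0", "0.0.0.0", "255.255.255.0", "0.0.0.0"),
    ("10.192.99.0", "0.0.0.0", "255.255.255.0", "0.0.0.0"),
    ("10.192.96.7", "0.0.0.0", "255.255.255.255", "0.0.0.0"),
    ("192.168.9.0", "0.0.0.0", "255.255.255.0", "0.0.0.0"),
    ("172.16.11.128", "0.0.0.0", "255.255.255.240", "0.0.0.0"),
]
# The standard access list the question compares it with
ACL_STANDARD = [
    ("10.192.96.0", "0.0.0.255"),
    ("10.192.98.0", "0.0.0.255"),
    ("10.192.99.0", "0.0.0.255"),
    ("10.192.96.7", "0.0.0.0"),
    ("192.168.9.0", "0.0.0.255"),
    ("172.16.11.128", "0.0.0.15"),
]
# Constructed candidate static routes, not taken from the thread
ROUTES = ["10.192.98.0/24", "10.192.98.0/28", "10.192.98.16/28",
          "192.168.9.0/25", "172.16.11.128/28", "10.192.97.0/24"]

def compare(routes=ROUTES):
    # route -> (permitted by ACL 101, permitted by the standard ACL)
    return {r: (extended_permits(r, ACL_101), standard_permits(r, ACL_STANDARD))
            for r in routes}
```

In this model the more-specific routes inside a permitted /24 pass the standard ACL but not access list 101, which is the difference to check for when auditing what a redistribution filter can leak into EIGRP.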
