From: Brian McGahan (brian@cyscoexpert.com)
Date: Tue Apr 29 2003 - 18:56:17 GMT-3
Blanco,
This is the situation in which OhioHondo mentioned. An extended
access-list can be used to check on both the network and mask of a
prefix. The syntax is as follows:
Access-list 100 permit ip [network] [network_wildcard] [subnet_mask]
[subnet_mask_wildcard]
Therefore, the syntax for "Allow 10.1.x.0 networks *AND* only
networks with mask /25 (where x is an odd number)" would be:
Access-list 100 permit ip 10.1.1.0 0.0.254.255 host 255.255.255.128
Furthermore, since your network address would always end in
either .0 or .128, the following list would be even more accurate:
Access-list 100 permit ip 10.1.1.0 0.0.254.128 host 255.255.255.128
However, the first list would still suffice.
HTH
Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com
CyscoExpert Corporation
Internetwork Consulting & Training
Toll Free: 866.CyscoXP
Fax: 847.674.2625
> -----Original Message-----
> From: Blanco Lam [mailto:b@gclamb.com]
> Sent: Monday, April 28, 2003 5:27 PM
> To: brian@cyscoexpert.com
> Subject: complex prefix-list and extended ACL scenario
>
> Hi Brian,
>
> I know there's been a thread going on about extended ACL and
prefix-list.
> I've also read about a post you've made some time ago with regards to
> prefix-
> list.
>
> However, I've been having trouble getting the following to work:
>
> Sample scenario - I'm receiving routes the following routes from an
EIGRP
> neighbour:
>
> 10.1.1.0/24
> 10.1.1.0/25
> 10.1.3.0/25
> 10.1.3.0/26
>
> Requirement: Allow 10.1.x.0 networks *AND* only networks with mask /25
> (where x
> is an odd number)
>
> >From what I understand, prefix-list cannot check on whether an octet
is
> odd or
> even and therefore only an standard/extended ACL can do that. But a
> standard/extended ACL cannot check on mask.
>
> Thanks,
>
> Blanco
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:09 GMT-3