From: ccie2be (ccie2be@nyc.rr.com)
Date: Mon Jul 25 2005 - 18:40:17 GMT-3
Dillon,

There are pros and cons to using a named ACL.

Pros

A named ACL can help to document the function of the ACL, e.g. Task-5.2, which
can help you avoid making dumb mistakes like applying an ACL in the same
direction as another ACL already on the interface, which is an easy mistake
to make.

Cons

Some features don't accept a named ACL. However, you can still create a
named ACL and use a number instead of an alphanumeric string, which has the
benefit of allowing you to edit your ACL more easily.

Whichever method you choose, I highly recommend that you add remarks to your
ACL during the lab so that you don't accidentally "overwrite" a previously
applied ACL. And, prior to creating a new ACL, you do a show access-list so
you can see if the potential for a problem exists.

Re: Passive interface: This command functions differently for almost every
IGP. In fact, for IS-IS, this command can be used to inject an IP subnet
into the IS-IS routing process. For RIP, it only prevents broadcast and
multicast updates from going out, not coming in. It also doesn't prevent
unicast updates.

For EIGRP and OSPF, it stops any adjacency from forming over the specified
interfaces.

HTH, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Dillon Yang
Sent: Sunday, July 24, 2005 11:58 AM
To: Group Study
Subject: lesson from failure
1. If ACL, use numerical ACL as possible.
2. If advertise update, use passive-interface as possible.
HTH
dillon
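
The pre-change check recommended in the reply above (review the existing access lists and interface bindings before creating a new ACL), as an added Python example that is not part of the original thread. The running-config sample is constructed, and audit_acls and precheck are hypothetical helper names.

```python
import re

# Constructed sample running-config (not from the thread).
SAMPLE_CONFIG = """\
ip access-list extended 101
 remark Task-5.2 permit web to server
 permit tcp any host 10.1.1.10 eq www
!
access-list 10 permit 10.0.0.0 0.255.255.255
!
interface Serial0/0
 ip access-group 101 in
!
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
"""

def audit_acls(config):
    """Return (acls, bindings): acls maps ACL id -> True if it has a remark,
    bindings maps (interface, direction) -> ACL id applied there."""
    acls, bindings = {}, {}
    current_acl = current_if = None
    for line in config.splitlines():
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            current_acl, current_if = m.group(1), None   # named-syntax ACL block
            acls.setdefault(current_acl, False)
        elif m := re.match(r"access-list (\d+) (\S+)", line):
            current_acl = current_if = None              # classic numbered entry
            acls[m.group(1)] = acls.get(m.group(1), False) or m.group(2) == "remark"
        elif m := re.match(r"interface (\S+)", line):
            current_if, current_acl = m.group(1), None
        elif current_acl and line.strip().startswith("remark "):
            acls[current_acl] = True
        elif current_if and (m := re.match(r"\s+ip access-group (\S+) (in|out)", line)):
            bindings[(current_if, m.group(2))] = m.group(1)
    return acls, bindings

def precheck(config, new_acl, interface, direction):
    """List what to look at before creating new_acl and applying it."""
    acls, bindings = audit_acls(config)
    problems = []
    if new_acl in acls:
        problems.append(f"ACL {new_acl} already exists")
    if (interface, direction) in bindings:
        bound = bindings[(interface, direction)]
        problems.append(f"{interface} already has ACL {bound} applied {direction}")
    problems += [f"ACL {a} has no remark" for a, ok in sorted(acls.items()) if not ok]
    return problems
```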
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:31 GMT-3