Re: lesson from failure

From: Dillon Yang (dillony@gmail.com)
Date: Mon Jul 25 2005 - 21:46:01 GMT-3

• Next message: Vazman: "IPv6 Seminar"
• Previous message: Dillon Yang: "Re: lesson from failure"
• Maybe in reply to: Dillon Yang: "lesson from failure"
• Next in thread: Ed Tan: "Re: lesson from failure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi, Tim:

  Yes. "Some features don't accept a named acl." That is what I implied, since the numerical ACL works well with all the command, it is the best.
  As for "passive-interface", it really bans all the advertising update out, regardless of neighborhood or update in. In comparison to the other command such as "distribute-list", it is very simple.

TIA
dillon

----- Original Message -----
From: "ccie2be" <ccie2be@nyc.rr.com>
To: "'Dillon Yang'" <dillony@gmail.com>; "'Group Study'" <ccielab@groupstudy.com>
Sent: Tuesday, July 26, 2005 5:40 AM
Subject: RE: lesson from failure

> Dillon,
>
> There are pro's and con's to using a named acl.
>
> Pro's
> A named acl can help to document the function of the acl eg Task-5.2 which
> can help you avoid making dumb mistakes like applying an acl in the same
> direction as another acl already on the interface which is an easy mistake
> to make.
>
> Con's
> Some features don't accept a named acl. However, you can still create a
> named acl and use a number instead of an alphanumeric string which has the
> benefit of allowing you to edit your acl more easily.
>
> Whichever method you choose, I highly recommend that you add remarks to your
> acl during the lab so that you don't accidentally "overwrite" a previously
> applied acl. And. prior to creating a new acl, you do a show access-list so
> you can see if the potential for a problem exists.
>
>
> Re: Passive interface: This command functions differently for almost each
> IGP. In fact, for IS-IS, this command can be used to inject an ip subnet
> into the IS-IS routing process. For Rip, it only prevents broadcast and
> multicast updates from going out, not coming in. It also doesn't prevent
> unicast updates.
>
> For eigrp and ospf, it stops any adjacency from forming over the specified
> interfaces.
>
> HTH, Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Dillon Yang
> Sent: Sunday, July 24, 2005 11:58 AM
> To: Group Study
> Subject: lesson from failure
>
> 1. If ACL, use numerical ACL as possible.
> 2. If advertise update, use passive-interface as possible.
>
> HTH
> dillon
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Vazman: "IPv6 Seminar"
• Previous message: Dillon Yang: "Re: lesson from failure"
• Maybe in reply to: Dillon Yang: "lesson from failure"
• Next in thread: Ed Tan: "Re: lesson from failure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:31 GMT-3