Re: IP EXTENDED ACCESS-LIST USAGE IN BGP posted 04/07/2003
I don't quite understand the logic of this access list.
access-list access-list-number permit ip network-number network-do-not-care-bits mask mask-do-not-care-bits
If you want to filter on 172.16.0.0 only you would do this (according to Halabi page 314):
access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.0.0 0.0.0.0
Another example would be if you wanted to pass an aggregate-address with the more specifics to one AS but only pass the summary to anything beyond. The Halabi book (p. 348) shows this for of the access list using the summary 172.16.0.0/16.
access-list 101 permit ip 172.16.0.0 0.0.255.255 host 255.255.0.0
Can someone explain the logic behind these access lists and also the difference in using "host" statements within. Also, could you use a prefix-list to accomplish the same with less confusion and complexity?
--------------------------------- Do you Yahoo!? Yahoo! Tax Center - File online, calculators, forms, and more