help on this access-list

Hello everybody:

I am a newbie on this forum and this is the first topic I have posted. I hope I can get help from someone who is warmhearted.

I am preparing for the CCIE R&S exam, and I have met a problem configuring an access-list. Here is an example from the material:

router bgp 3
 network 172.16.1.0 mask 255.255.255.0
 neighbor 192.168.5.2 remote-as 1
 neighbor 192.168.5.2 route-map SETCOMMUNITY out

route-map SETCOMMUNITY permit 10
 match ip address 101

access-list 101 permit ip 172.16.0.0 0.0.255.255 host 255.255.0.0

The explanation for the last access-list was that this is to match network 172.16.0.0 only; in other words, it excludes other entries that start with 172.16.

I am confused by the "host 255.255.0.0" used in the access-list. What does it mean? From what I understand this is like a mask wildcard, but it appears at the 'destination-wildcard' position in the extended ACL.

Can somebody help me with this?

Thanks

-Andy

Reply to
Andy

host 255.255.0.0 is equivalent to 255.255.0.0 0.0.0.0

in other words matching on a /16 prefix mask

Reply to
Merv

Then it should be

access-list 101 permit ip host 172.16.0.0 host 255.255.0.0

The ACL you showed permits 172.16.x.y/16, for any values of x and y, because you're wildcarding the last two octets of the prefix.

Of course, a route for 172.16.x.y, where x and y are not 0, makes no sense with a /16 prefix length -- it should either be rejected as an error or treated as equivalent to 172.16.0.0/16.

Reply to
Barry Margolin
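
The matching rule discussed in this thread, as an added example that is not part of any of the posts: when a route-map uses an extended ACL to filter routes, the source address/wildcard pair is compared against the route's prefix and the destination pair against the route's mask. This Python sketch evaluates both ACL lines from the thread against constructed sample routes; the function names and the sample route list are assumptions made for illustration.

```python
import ipaddress

# The two ACL lines quoted in the thread.
ACL_ORIGINAL = "access-list 101 permit ip 172.16.0.0 0.0.255.255 host 255.255.0.0"
ACL_STRICT = "access-list 101 permit ip host 172.16.0.0 host 255.255.0.0"

# Constructed sample routes as (prefix, mask); the third has host bits set.
SAMPLE_ROUTES = [
    ("172.16.0.0", "255.255.0.0"),
    ("172.16.1.0", "255.255.255.0"),
    ("172.16.5.0", "255.255.0.0"),
    ("172.17.0.0", "255.255.0.0"),
]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def take_operand(tokens):
    """Consume 'host A', 'any' or 'A W'; return (address, wildcard, remaining tokens)."""
    if tokens[0] == "host":
        return to_int(tokens[1]), 0, tokens[2:]
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    return to_int(tokens[0]), to_int(tokens[1]), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip <source> <destination>'."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError("only 'access-list N permit|deny ip ...' is handled")
    src_addr, src_wild, rest = take_operand(tokens[4:])
    dst_addr, dst_wild, _ = take_operand(rest)
    return tokens[2], (src_addr, src_wild), (dst_addr, dst_wild)

def wildcard_match(value, addr, wild):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    care = ~wild & 0xFFFFFFFF
    return (value & care) == (addr & care)

def matched_routes(ace_line, routes):
    """Routes whose prefix matches the source pair and whose mask matches the destination pair."""
    _, (sa, sw), (da, dw) = parse_ace(ace_line)
    return [(p, m) for p, m in routes
            if wildcard_match(to_int(p), sa, sw) and wildcard_match(to_int(m), da, dw)]

if __name__ == "__main__":
    for label, ace in (("original", ACL_ORIGINAL), ("strict", ACL_STRICT)):
        print(label, matched_routes(ace, SAMPLE_ROUTES))
```

With these samples the original line also accepts the 172.16.5.0 entry carrying a 255.255.0.0 mask, while the "host ... host ..." form accepts only 172.16.0.0 with mask 255.255.0.0.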

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.