07-17-2018 10:36 AM - edited 03-05-2019 10:47 AM
Hi All,
I have a doubt regarding extended access lists. We write the extended access list in the format below.
IP ACCESS-LIST (NAME OR NUMBER ) PERMIT IP HOST (SOURCE) HOST (DESTINATION)
But in the Cisco document it is mentioned as below
access-list 101 permit ip host 6.6.6.0 host 255.255.255.0
access-list 102 permit ip host 7.7.7.0 host 255.255.255.0
!
link - https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/28784-bgp-community.html
Can anyone please explain what the meaning of this access list is?
Regards,
K
07-17-2018 10:42 AM
07-17-2018 11:09 PM
Hi,
I did not understand clearly. Can you please explain?
Regards,
K
07-17-2018 11:25 PM
There are two ways to write an ACL on a router.
Format 1
access-list 101 permit ip host 6.6.6.0 host 255.255.255.0
access-list 102 permit ip host 7.7.7.0 host 255.255.255.0
Format 2
ip access-list extended 101
permit ip host 6.6.6.0 host 255.255.255.0
permit ip host 7.7.7.0 host 255.255.255.0
!
Note: You can write a numbered ACL using both formats, but in the actual configuration it will appear as format 1.
But you can write a name-based ACL in format 2 only, and it will display in the actual device configuration as format 2. You can try and test it.
Kindly rate for helpful post
Regards,
Pawan
07-18-2018 01:35 AM
Hi Pawan,
Thanks for taking it up quickly. My query is not related to the format. My question is regarding (HOST 255.255.255.0) as the destination.
My question is why we are using the destination as 255.255.255.0.
Regards,
K
07-18-2018 02:47 AM
Oh, it's my bad, I didn't notice it is a subnet mask. Yes, after host there should be an IP address.
07-18-2018 03:53 AM
07-18-2018 06:42 AM - edited 07-18-2018 06:44 AM
Joseph is certainly on the right track. Let me take a slightly different approach to an explanation. First let us remember that access lists can be used for many purposes. So in looking at an access list we must look at how it is applied. I am confident that if the original poster looks at how those access lists are applied he will find that it is used in the configuration of BGP to control advertisements to or from a neighbor.
It is an older approach in configuring BGP to use an extended access list to control advertisements, and in a more modern approach we would use a prefix list to accomplish this purpose. So what is the meaning of the access list when used in BGP? We tend to think of the access list in these terms
access-list 101 permit ip <source address> <mask of source address> <destination address> <mask of destination address>
But when used with BGP we would think of it in these terms
access-list 101 permit ip <prefix to advertise> <how many bits of prefix are significant> <mask for advertisement> <how many bits of mask are significant>
So Joseph is correct that the result of those access lists would be to permit advertisement of 6.6.6.0/24 and 7.7.7.0/24 (though I am not sure where he gets community string into it).
HTH
Rick
[edit] I see in the original post that the link given apparently does introduce communities and that must be where Joseph gets the community reference.
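An added example (not from the thread or the linked Cisco document): a small Python evaluator for the reading of these entries described above, where the first value/wildcard pair is compared with a route's prefix and the second with its netmask. The function names and ACL 103 are constructed for illustration; ACLs 101 and 102 are the lines quoted in the thread.

```python
import ipaddress

ALL = 0xFFFFFFFF

# ACLs 101/102 are the entries quoted in the thread; ACL 103 is constructed here
# to show a wildcard on the prefix combined with an exact /24 mask.
ACL_101 = ["access-list 101 permit ip host 6.6.6.0 host 255.255.255.0"]
ACL_102 = ["access-list 102 permit ip host 7.7.7.0 host 255.255.255.0"]
ACL_103 = ["access-list 103 permit ip 10.0.0.0 0.255.255.255 255.255.255.0 0.0.0.0"]

def _pair(tokens):
    """Consume one <value> <wildcard> pair; 'host X' is X with wildcard 0.0.0.0."""
    head = tokens.pop(0)
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    if head == "any":
        return 0, ALL
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_entry(line):
    """Return (action, (prefix, prefix_wildcard), (mask, mask_wildcard))."""
    tokens = line.split()
    if tokens[0] == "access-list":      # format 1 carries "access-list <number>"
        tokens = tokens[2:]
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    return action, _pair(rest), _pair(rest)

def _matches(value, pattern, wildcard):
    care = ~wildcard & ALL              # wildcard bits set to 1 are ignored
    return (value & care) == (pattern & care)

def evaluate(acl_lines, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    net = ipaddress.IPv4Network(route)
    addr, mask = int(net.network_address), int(net.netmask)
    for line in acl_lines:
        action, (p, pw), (m, mw) = parse_entry(line)
        if _matches(addr, p, pw) and _matches(mask, m, mw):
            return action
    return "deny"

if __name__ == "__main__":
    for acl, route in [(ACL_101, "6.6.6.0/24"), (ACL_101, "6.6.6.0/25"),
                       (ACL_103, "10.1.2.0/24"), (ACL_103, "10.1.0.0/16")]:
        print(route, "->", evaluate(acl, route))
```

Because `host 255.255.255.0` pins every bit of the mask, 6.6.6.0/25 falls through to the implicit deny even though its network address matches.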
07-18-2018 07:43 AM