Refer a route prefix in ACL and use it in route-map

shengkangjin
Level 1

Hello All,

I came to read the CCIE Routing and Switching Cert Guide v5.0 Volume 2 and am having difficulty trying to understand the following command expression when referring to an ACL in a route-map. To be more specific, the route-map is later used in the aggregate-address suppress-map command in BGP.

 

ip access-list extended permit-1
  permit ip host 23.3.16.0 host 255.255.240.0
!
route-map suppress-1 permit 10
  match ip address permit-1
!
router bgp 123
  aggregate-address 23.0.0.0 255.0.0.0 as-set suppress-map suppress-1


Obviously, in the access-list entry I'd assume 255.255.240.0 is the subnet mask (yep, it's not a wildcard mask); however, the word host and the subnet mask have me confused.

My guess is that because an ACL has the format source-ip source-mask dest-ip dest-mask, but when referring to a single prefix range there is no source/destination relationship, the above format is used. But I have found nowhere to confirm my guess, so here I am.

My other question is the following: the same book also mentioned that when using a distribute-list combined with an access-list to filter routes, a wildcard mask is used. If this is true, then when should I use a wildcard mask and when a subnet mask in an ACL?

Thanks for any help.

Accepted Solution

https://ine.com/blog/2008-01-04-using-extended-access-lists-in-a-distribute-list

Read this article; it will help you understand using an ACL to filter prefixes.

3 Replies
I never used a wildcard mask with BGP. But BGP is more flexible when it comes to network prefixes; for example, it does accept /32 or /24, etc.

R1(config)#ip prefix-list test  permit ?
A.B.C.D/nn IP prefix <network>/<length>, e.g., 35.0.0.0/8

But if you are using an ACL, then you may see wildcard bits present:

R1(config)#ip access-list extended test
R1(config-ext-nacl)#permit ip 1.1.1.0 ?
A.B.C.D Source wildcard bits

Hello,

 

I am studying for my CCIE and am currently learning this topic as well. Based on what I understand of ACLs, I read it as follows:

 

ip access-list extended permit-1
  permit ip host 23.3.16.0 host 255.255.240.0

>>> permit the host 23.3.16.0 to any HOST with a subnet mask that matches 255.255.240.0

(I have not made it to BGP section yet so please take this with a grain of salt)

 

I found an article referencing your exact ACL:

https://www.ccexpert.us/routing-switching/filtering-subnets-of-a-summary-using-the-aggregateaddress-command.html

Additionally, I haven't tested it, but usually you would use a subnet mask to match exact bits, whereas using a wildcard mask you can group a range of addresses, giving you more flexibility/granularity.
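As an added illustration (my own code, not from the thread or from Cisco): when IOS applies an extended ACL to a route in a distribute-list or a route-map "match ip address", the source half of the entry is compared with the route's network address and the destination half with the route's subnet mask, both using wildcard bits, so the 255.255.240.0 in the question is the destination address field (compared against the mask), and "host" just means a 0.0.0.0 wildcard. The model below encodes that comparison; PERMIT_1 is the ACL from the question, and RANGE_24_32 is a constructed, hypothetical entry that groups every /24 to /32 under 23.3.0.0/16.

```python
import ipaddress


def _to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def _wildcard_match(value, pattern, wildcard):
    """IOS wildcard comparison: bits set to 1 in the wildcard are ignored."""
    care = 0xFFFFFFFF & ~wildcard
    return (value & care) == (pattern & care)


def host(addr):
    """'host X' is shorthand for 'X 0.0.0.0' (every bit must match)."""
    return (addr, "0.0.0.0")


def ace_permits_route(ace, route):
    """Apply one extended ACE, given as (src, src_wildcard, dst, dst_wildcard),
    to a route in CIDR form. For route filtering the source half is compared
    with the route's network address and the destination half with its subnet
    mask, which is why 'host 23.3.16.0 host 255.255.240.0' means exactly
    23.3.16.0/20 and nothing else."""
    src, src_wc, dst, dst_wc = (_to_int(x) for x in ace)
    net = ipaddress.IPv4Network(route, strict=True)
    return (_wildcard_match(int(net.network_address), src, src_wc)
            and _wildcard_match(int(net.netmask), dst, dst_wc))


def acl_permits_route(acl, route):
    """First-match semantics, with the implicit deny at the end of the list."""
    for action, ace in acl:
        if ace_permits_route(ace, route):
            return action == "permit"
    return False


# Constructed ACLs. PERMIT_1 is the entry from the question; RANGE_24_32 is a
# hypothetical entry: any network inside 23.3.0.0/16 whose mask starts with
# 255.255.255 (i.e. /24 through /32). Both halves take wildcard bits.
PERMIT_1 = [("permit", host("23.3.16.0") + host("255.255.240.0"))]
RANGE_24_32 = [("permit", ("23.3.0.0", "0.0.255.255", "255.255.255.0", "0.0.0.255"))]

if __name__ == "__main__":
    for route in ("23.3.16.0/20", "23.3.16.0/24", "23.3.32.0/20", "23.3.16.7/32"):
        print(route, acl_permits_route(PERMIT_1, route), acl_permits_route(RANGE_24_32, route))
```

Note that `strict=True` rejects a route whose host bits are set, so a malformed prefix raises instead of silently matching a different network.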