Solved: understanding standard access-list on 6509 switch

Horacio Gutierrez · ‎10-02-2011

Hello,

I have this two commands on my 6509 core switch, does any know what this commands do.

ip access-list standard BGP-AT&T-Video-Egress-Filter

permit 10.x.x.x x.x.x.127

ip access-list standard BGP-AT&T-Video-Ingress-Filter

permit 192.x.x.x x.x.x.127

Thanks.

Antonio Knox · ‎10-03-2011

I agree with you Rick. The ACL name suggests to me either Distribution List or PBR. A little more config insight would enable the community to assist further.

View solution in original post

Marwan ALshawi · ‎10-02-2011

Standard access list mat h the source network

I am assuming this ACL used with a routing protocol configuration which helps to match the source network then use sit in distribute list filtering or route-map filtering for more options

If you post all co fig related to these ACL I can help you to understand how it's been configured

Hope this help

If helpful rate

daudparvez · ‎10-03-2011

Can you please explain that what does the "x" in the permit command represent and where is this ACL applied???

IF I ASSUME THAT "x" REPRESENTS 0, AND THIS ACL IS APPLIED ON AN INTERFACE TO FILTER PACKETS, THEN, WE CAN HAVE FOLLOWING EXPLANATIONS:

ip access-list standard BGP-AT&T-Video-Egress-Filter

permit 10.x.x.x x.x.x.127

This ACL will allow packets with Source IP Address from the following ranges:

10.0.0.0 to 10.0.0.127

and will block/drop all other packets with a differnt Source IP Address.

_______________________________________________________________________________________

ip access-list standard BGP-AT&T-Video-Ingress-Filter

permit 192.x.x.x x.x.x.127

This ACL will allow packets with Source IP Address from the following ranges:

192.0.0.0 192.0.0.127

and will block/drop all other packets with a differnt Source IP Address.

Hope this helped.

Regards

Richard Burts · ‎10-03-2011

The original poster asks what these access lists do. The easy part is explaining the permit logic of the access lists and Daud has provided a good explanation for this. The more difficult part is to understand and explain what the access lists are doing. Access lists can be used for many different purposes such as filtering data packets on an interface (applied as ip access-group), or can be used to filter routing updates (applied as distribute list or used in a route map), or can be used to control remote access (applied as access-class), or can be used to select traffic for Policy Based Routing (applied in a route map), or can be used to identify interesting traffic for a dialer (applied as dialer-list) or some other functions. So if the original poster can supply how these access lists are applied then we may be able to explain correctly what they are doing.

HTH

Rick

HTH

Rick

Antonio Knox · ‎10-03-2011

I agree with you Rick. The ACL name suggests to me either Distribution List or PBR. A little more config insight would enable the community to assist further.

Horacio Gutierrez · ‎10-03-2011

Hello All,

Well first of I forgot to mention I am running BGP between this core switches. I figured out with this two commands are for which is for QOS and to let certain video Vlan's have access across the MPLS cloud.

Thanks again to everyone and sorry for not mentioning I was running BGP on a MPLS cloud.

Marwan ALshawi · ‎10-03-2011

well i did expected that and described it as assumption in my post above

glad that you understand it now