On Tue, 2015-02-03 at 09:30 +0100, Gert Doering wrote:
> It's hard to come up with a really useful example, but given that extended
> ACLs match both on prefix base and netmask with wildcard bits, this is
> more flexibility than you'll ever use without your brain blowing up.
>
> access-list 100 permit 10.0.5.0 0.255.0.0 255.255.255.0 0.0.0.255
>
> "for every /24 out of 10/0 that is 10.x.5.0/24, permit /24../32"
>
> do that with a prefix list :-)

On the other hand, almost all people doing this are doing something wrong. ;-)
And that's _almost_ all of course. Someone very skilled might have a legitimate purpose for doing exactly this, but OP (and people like me) are not among those.

I'd say stick to prefix-lists and then when you can write route-maps in your sleep from arbitrary policy wishes, but still can't solve a given problem with prefix-lists _then_ look at using access-lists. :-)

-- 
Peter

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
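
The matching performed by the access-list entry quoted above, worked through as an added example (not code from either poster). It assumes the route-filtering use of an extended ACL, where the source address and wildcard are compared with the route's prefix and the destination pair with its netmask; the function names and sample routes are constructed for illustration.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(value, base, wildcard):
    """Cisco-style wildcard compare: bits set in the wildcard are 'don't care'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(value) & care) == (_to_int(base) & care)

def acl_permits_route(route, src, src_wc, dst, dst_wc):
    """Test one extended-ACL entry against a route.

    Assumption: source pair is checked against the prefix,
    destination pair against the netmask.
    """
    net = ipaddress.IPv4Network(route, strict=True)
    return (wildcard_match(str(net.network_address), src, src_wc)
            and wildcard_match(str(net.netmask), dst, dst_wc))

# The entry from the quoted message:
# access-list 100 permit 10.0.5.0 0.255.0.0 255.255.255.0 0.0.0.255
ACE = ("10.0.5.0", "0.255.0.0", "255.255.255.0", "0.0.0.255")

# Constructed sample routes (not taken from the thread).
SAMPLE_ROUTES = [
    "10.0.5.0/24",     # second octet is wildcarded
    "10.200.5.0/24",
    "10.7.5.0/25",     # mask's last octet is wildcarded: /24 through /32
    "10.7.5.0/32",
    "10.7.5.128/25",   # prefix's last octet must still be 0
    "10.7.6.0/24",     # third octet must be 5
    "10.0.0.0/8",
    "192.168.5.0/24",  # first octet must be 10
]

def evaluate(routes=SAMPLE_ROUTES):
    """Return {route: permitted?} for the quoted entry."""
    return {r: acl_permits_route(r, *ACE) for r in routes}

if __name__ == "__main__":
    for route, ok in evaluate().items():
        print(f"{route:<18} {'permit' if ok else 'no match'}")
```
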