So would it match a network of 131.108.0.0/24? From what Cisco says, that it matches the classful mask if none is specified, it should not match. >From what you say it sounds like you think it would match.
I don't think wildcard bits are real wildcard bits when used in a distribute list. I think they are used to match the prefix of the route in the routing table. Your theory about 131.108.0.0 0.0.255.255 possibly matching other networks, such as 131.108.1.0/24 (presumably /24) and 131.108.2.0/24 is an interesting theory, but I'd like to know the facts. I don't have time to test this at the moment myself, but I certainly will once we get our CCIE lab up and running. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -----Original Message----- From: Tom Martin [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 9:27 AM To: [EMAIL PROTECTED] Subject: Re: Standard ACLs and distribute-list [7:72253] Fred, If the access-list were applied as an inbound or outbound interface filter, it would match a single host. Since the access-list is being applied using a distribution list it doesn't match just a single host -- it matches the network 131.108.0.0 and must match every bit exactly. It wouldn't hurt to have access-list 1 permit 131.108.0.0 0.0.255.255, which also matches 131.108.0.0. But in theory it could also allow other networks to be advertised (such as 131.108.1.0, 131.108.2.0, etc). Since you're running RIP I this wouldn't be an issue, but personally I think having the specific "host" match is cleaner. Remember that the wildcard only specifies which bits must be an exact match and which bits are "wild". Using the "host" keyword (or wildcard 0.0.0.0) does not necessarily imply that you are matching a host, it just means that every bit must match! Cisco's documentation was not wrong. - Tom Reimer, Fred wrote: > Here's what should be a simple question. > > > > If standard access lists are used with a distribute list, how is the mask > treated if none is specified in an ACE? The Cisco documentation says: > > > > "The following router configuration mode example causes only one network > > (network 131.108.0.0) to be advertised by a RIP routing process: > > > > access-list 1 permit 131.108.0.0 > > access-list 1 deny 0.0.0.0 255.255.255.255 > > router rip > > network 131.108.0.0 > > distribute-list 1 out" > > > > I asked one of the "mentors" at KnowledgeNet, and they said: > > > > "That is not a network, 131.108.0.0. It is a host. You must add the > > wildcard mask to make it a network address. > > > > Sorry, but the Cisco doc is incorrect." > > > > So, the entry in the routing table is 131.108.0.0/16, yet Cisco > documentation says that a ACE entry of "131.108.0.0" with no wildcard > specified, would match. How, exactly, does IOS match routing entries when > using a standard ACL in a distribute list? Does it consider any ACEs > without a mask to have a normal classful mask? Like 131.108.0.0 would have > a mask of /16, and 192.168.1.0 would have a mask of /24? Another example in > the IOS 12.2 docs is: > > > > "In the following example, access list 1 is applied to outgoing routing > > updates, and Intermediate Sytem-to-Intermediate System (IS-IS) is enabled on > > Ethernet interface 0. Only network 131.131.101.0 will be advertised in > > outgoing IS-IS routing updates. > > > > router isis > > redistribute ospf 109 > > distribute-list 1 out > > interface Ethernet 0 > > ip router isis > > access-list 1 permit 131.131.101.0 0.0.0.255" > > > > So, it would appear that if you don't want the classful mask to be used > (when none is specified in the ACE) then you need to include wildcard bits. > > > > Thanks, > > Fred Reimer - CCNA > > Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 > Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 > > NOTICE; This email contains confidential or proprietary information which > may be legally privileged. It is intended only for the named recipient(s). > If an addressing or transmission error has misdirected the email, please > notify the author by replying to this message. If you are not the named > recipient, you are not authorized to use, disclose, distribute, copy, print > or rely on this email, and should immediately delete it from your computer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72305&t=72253 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
