I think what Tom said is correct. The wildcard bits are just wildcard bits, not a pattern for the prefix to match. I seem to remember that the second (destination) IP address/wildcard in an extended ACL can be used to match the prefix of an advertised route.
Thanks,
Zsombor

At 02:46 PM 7/15/2003 +0000, Reimer, Fred wrote:
>So would it match a network of 131.108.0.0/24? From what Cisco says, that
>it matches the classful mask if none is specified, it should not match.
>From what you say it sounds like you think it would match.
>
>I don't think wildcard bits are real wildcard bits when used in a distribute
>list. I think they are used to match the prefix of the route in the routing
>table. Your theory about 131.108.0.0 0.0.255.255 possibly matching other
>networks, such as 131.108.1.0/24 (presumably /24) and 131.108.2.0/24 is an
>interesting theory, but I'd like to know the facts. I don't have time to
>test this at the moment myself, but I certainly will once we get our CCIE
>lab up and running.
>
>Fred Reimer - CCNA
>
>Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
>Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
>
>NOTICE; This email contains confidential or proprietary information which
>may be legally privileged. It is intended only for the named recipient(s).
>If an addressing or transmission error has misdirected the email, please
>notify the author by replying to this message. If you are not the named
>recipient, you are not authorized to use, disclose, distribute, copy, print
>or rely on this email, and should immediately delete it from your computer.
>
>-----Original Message-----
>From: Tom Martin [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, July 15, 2003 9:27 AM
>To: [EMAIL PROTECTED]
>Subject: Re: Standard ACLs and distribute-list [7:72253]
>
>Fred,
>
>If the access-list were applied as an inbound or outbound interface
>filter, it would match a single host. Since the access-list is being
>applied using a distribution list it doesn't match just a single host --
>it matches the network 131.108.0.0 and must match every bit exactly.
>
>It wouldn't hurt to have access-list 1 permit 131.108.0.0 0.0.255.255,
>which also matches 131.108.0.0. But in theory it could also allow other
>networks to be advertised (such as 131.108.1.0, 131.108.2.0, etc). Since
>you're running RIP I this wouldn't be an issue, but personally I think
>having the specific "host" match is cleaner.
>
>Remember that the wildcard only specifies which bits must be an exact
>match and which bits are "wild". Using the "host" keyword (or wildcard
>0.0.0.0) does not necessarily imply that you are matching a host, it
>just means that every bit must match!
>
>Cisco's documentation was not wrong.
>
>- Tom
>
>Reimer, Fred wrote:
> > Here's what should be a simple question.
> >
> > If standard access lists are used with a distribute list, how is the mask
> > treated if none is specified in an ACE? The Cisco documentation says:
> >
> > "The following router configuration mode example causes only one network
> > (network 131.108.0.0) to be advertised by a RIP routing process:
> >
> > access-list 1 permit 131.108.0.0
> > access-list 1 deny 0.0.0.0 255.255.255.255
> > router rip
> > network 131.108.0.0
> > distribute-list 1 out"
> >
> > I asked one of the "mentors" at KnowledgeNet, and they said:
> >
> > "That is not a network, 131.108.0.0. It is a host. You must add the
> > wildcard mask to make it a network address.
> >
> > Sorry, but the Cisco doc is incorrect."
> >
> > So, the entry in the routing table is 131.108.0.0/16, yet Cisco
> > documentation says that an ACE entry of "131.108.0.0" with no wildcard
> > specified, would match. How, exactly, does IOS match routing entries when
> > using a standard ACL in a distribute list? Does it consider any ACEs
> > without a mask to have a normal classful mask? Like 131.108.0.0 would have
> > a mask of /16, and 192.168.1.0 would have a mask of /24? Another example in
> > the IOS 12.2 docs is:
> >
> > "In the following example, access list 1 is applied to outgoing routing
> > updates, and Intermediate System-to-Intermediate System (IS-IS) is enabled on
> > Ethernet interface 0. Only network 131.131.101.0 will be advertised in
> > outgoing IS-IS routing updates.
> >
> > router isis
> > redistribute ospf 109
> > distribute-list 1 out
> > interface Ethernet 0
> > ip router isis
> > access-list 1 permit 131.131.101.0 0.0.0.255"
> >
> > So, it would appear that if you don't want the classful mask to be used
> > (when none is specified in the ACE) then you need to include wildcard bits.
> >
> > Thanks,
> >
> > Fred Reimer - CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72333&t=72253
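An added example, not part of the thread above and not Cisco's code: a small Python model of how a standard ACL referenced by distribute-list is compared against routes, using the wildcard rule Tom describes (wildcard bits are "don't care", a missing wildcard means 0.0.0.0). It assumes only the route's network address is tested and the prefix length is never examined; the route list is constructed sample data.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' into (action, addr, wildcard)."""
    parts = line.split()
    action, addr = parts[2], parts[3]
    # A standard ACE with no wildcard behaves as wildcard 0.0.0.0: every bit must match.
    wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"
    return (action,
            int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(wildcard)))

def ace_matches(ace, route):
    """True if the route's network address equals the ACE address on all non-wild bits."""
    _, addr, wildcard = ace
    net = int(ipaddress.ip_network(route).network_address)
    care = ~wildcard & 0xFFFFFFFF          # bits set here must match exactly
    return (net ^ addr) & care == 0        # model assumption: prefix length is ignored

def filter_routes(acl_lines, routes):
    """Return the routes the distribute-list would let through (first match wins)."""
    aces = [parse_ace(line) for line in acl_lines]
    permitted = []
    for route in routes:
        for ace in aces:
            if ace_matches(ace, route):
                if ace[0] == "permit":
                    permitted.append(route)
                break                      # stop at first matching ACE
        # no ACE matched: implicit deny, route is filtered
    return permitted

# The ACL from the Cisco example quoted in the thread.
EXACT_ACL = ["access-list 1 permit 131.108.0.0",
             "access-list 1 deny 0.0.0.0 255.255.255.255"]
# Tom's alternative with 0.0.255.255 wildcard bits.
WIDE_ACL = ["access-list 1 permit 131.108.0.0 0.0.255.255",
            "access-list 1 deny 0.0.0.0 255.255.255.255"]
# Constructed sample routing table entries.
ROUTES = ["131.108.0.0/16", "131.108.0.0/24", "131.108.1.0/24",
          "131.108.2.0/24", "10.0.0.0/8"]

if __name__ == "__main__":
    print("exact:", filter_routes(EXACT_ACL, ROUTES))
    print("wide: ", filter_routes(WIDE_ACL, ROUTES))
```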

