access-lists use wildcard masks not netmasks........
On Tue, 3 Oct 2000, Driessens.Hans wrote:
> Hi ClueLess
>
> you want to use a standard access-list instead of an extended if you are
> doing it like this. You are filtering on source address instead of
> destination address and that is no good. Also, your access-list 10 has no
> mask and uses the default. If 10.1.1.0 is the only network allowed use the
> mask /24...
>
> interface Loopback0
> ip address 10.1.1.1 255.255.255.0
> !
> interface Loopback1
> ip address 10.1.2.1 255.255.255.0
> !
> router eigrp 90
> network 10.0.0.0
> network 137.20.0.0
> distribute-list 10 out
> no auto-summary
> !
> ip classless
> !
> access-list 10 permit 10.1.1.0 255.255.255.0
>
> Hans
>
> -----Oorspronkelijk bericht-----
> Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Verzonden: zondag 1 oktober 2000 4:34
> Aan: [EMAIL PROTECTED]
> Onderwerp: EXTENDED ACL for distribute-list
>
>
> Hi all,
>
> Could someone shed some light on how to use EXTENDED ACL for
> distribute-list?
>
> I'm trying to allow only 10.1.1.0/24 route to be distributed by eigrp
> 90. Below is config and debug ip eigrp output. I thought ACL 110 is
> a bit "relaxed" but should have allow the 10.1.1.0/24 route to be
> distribute out. But it got DENIED. ACL 10 worked.
>
> Initially, I had "access-list 110 permit ip 10.1.1.0 0.0.0.0
> 255.255.255.0 0.0.0.0" which I thought would be the most specific.
> But this didn't work also.
>
> I found the URL below from Open Forum:
> http://www-1.cisco.com/cgi-bin/Support/OpenForum/dispnewqa.pl/6352
> If anyone have some good link on this topic, please kindly send them
> in!
>
> Any comment welcome!
> ClueLess.
>
>
> r7#sh ver
> Cisco Internetwork Operating System Software
> IOS (tm) 2500 Software (C2500-DS-L), Version 11.3(11a), RELEASE
> SOFTWARE (fc1)
> Copyright (c) 1986-1999 by cisco Systems, Inc.
> Compiled Mon 20-Sep-99 07:43 by jjgreen
> Image text-base: 0x03040474, data-base: 0x00001000
>
> Partial config:
> !
> interface Loopback0
> ip address 10.1.1.1 255.255.255.0
> !
> interface Loopback1
> ip address 10.1.2.1 255.255.255.0
> !
> router eigrp 90
> network 10.0.0.0
> network 137.20.0.0
> distribute-list 110 out
> no auto-summary
> !
> ip classless
> !
> access-list 10 permit 10.1.1.0
> access-list 110 permit ip 10.1.1.0 0.0.0.255 any
>
> With distribute-list 110 out:
> 1d21h: IP-EIGRP: 137.20.50.0/24 - denied by distribute list
> 1d21h: IP-EIGRP: 10.1.1.0/24 - denied by distribute list
> 1d21h: IP-EIGRP: 10.1.2.0/24 - denied by distribute list
>
> With distribute-list 10 out:
> 1d21h: IP-EIGRP: 137.20.50.0/24 - denied by distribute list
> 1d21h: IP-EIGRP: 10.1.1.0/24 - do advertise out Ethernet0
> 1d21h: IP-EIGRP: Int 10.1.1.0/24 metric 128256 - 256 128000
> 1d21h: IP-EIGRP: 10.1.2.0/24 - denied by distribute list
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
-----------------------------------------------
Brian Feeny, CCNP, CCDA [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
