Hi Hans, and all,

Firstly, let me just clarify that this question is just a learning
exercise.  I know the standard access-list would work, but I want to
find out how to limit the mask as well.  It could be my fault if I
didn't make this clear initially.

Now back to the meat:

I've tried your access-list 116 below, and it sure worked for me.
Hans, is there any doco that describes distribute-list with extended
ACL that you know of?  All the ones I looked at didn't talk about the
subnet mask.

I've modified it slightly to help myself understand this; the final
access-list 120 is below:

access-list 120 permit ip 0.0.0.0 255.255.255.0 host 10.1.1.0

This one is the most specific and will only allow a route with
10.1.1.0 with /24 to be distributed out.  Tested.

This one should BLOCK:
10.1.1.0 / 25 route          haven't tested
10.1.0.0 / 16 route          haven't tested
If anyone knows any other route apart from 10.1.1.0 that can sneak out
with this list, I'm interested to know.

Just when I think I know ip extended access-list.  Sure is different
in the way the extended access-list works than the URL I included
earlier:
http://www-1.cisco.com/cgi-bin/Support/OpenForum/dispnewqa.pl/6352

Thanks for the input!
Clue.
