The statement access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0
could also be re-written as: access-list 100 permit ip host 192.108.0.0 host 255.255.0.0 which means that only the aggregate /16 will be accepted. The second statement: access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255 denies the VLSM networks under the /16. Charles -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dain Deutschman Sent: Sunday, June 23, 2002 9:05 PM To: [EMAIL PROTECTED] Subject: Re: Neighbor distribute-list command w/ Extended ACL [7:47272] It's kind of wierd. The source portion of the access list defines the network whose updates are permited/denied...no suprise...the wierd part is that the destination portion specifies the subnet mask of that network. So, in your example; access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0 ( 192.108.0.0 [wildcard] 0.0.0.0 [subnet mask] 255.255.0.0 [wildcard] 0.0.0.0) ( 192.108.0.0/16 will be advertised ) Maybe someone else can jump in...because the wildcard is 0.0.0.0 does it mean that any other VLSM networks under the 192.108.0.0/16 supernet would also be advertised? access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255 ( 192.108.0.0 [wildcard] 0.0.255.255 [ subnet mask ] 255.255.0.0 [wildcard ] 0.0.255.255) (192.108.0.0/16 would be denied...the last two octets are ignored ) I'm new to all this and learning it myself...so please...someone correct me if I am wrong or add to my comments. Thanks. Dain. ""Hunt Lee"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > Can anyone please explain this to me?? I have read some examples regarding > neighbor x.x.x.x distribute-list in | out using extended Access-List > from CCO, Internet Routing Arch (by Halabi) & BGP 4 Command & Reference (by > Parkhurst), yet I'm still very confused. > > Below is one of them > > neighbor 120.23.4.1 distribute-list 100 in > > access-list 100 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0 > > access-list 100 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.255 > > > > How do you read these things?? Any help will be greatly appreciated. > > Thanks, > > Hunt Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47335&t=47272 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
