We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 537 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

323 New Members signed up the last 30 days!

 
satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Notable Replies

  1. awesome lessons! didnt know you can use extended access-list like this!

    correct me if im wrong, the difference i see here is that, its working like a prefix-list but you can only use "greater than or equal to"?

    on your examples, it only shows like:

    -/24 to /32

    -/25 to /32

    -/26 to /32

    is it possible to have /24 to /30 only? /26 to /29? what will be your subnet and subnet wild card?

     

    thanks!

  2. Hi John,

    Good question, it can't be done...let's look at an example:

    00000000 /24
    10000000 /25
    11000000 /26
    11100000 /27
    11110000 /28
    11111000 /29
    11111100 /30
    11111110 /31
    11111111 /32

    Let's say you want to match /26 up to /29, the problem is that they don't have a lot of bits in common...only the first two bits are the same:

    11000000 /26
    11100000 /27
    11110000 /28
    11111000 /29

    Now if you would use wildcard 00111111 (63 in decimal) then it matches /26, /27, /28, /29 but also /30, /31 and /32.

    It can't be done in one statement but of course you can use multiple statements...just create one for /26, /27, /28 and /29 and you are done.

    Rene

  3. --- "We want to match all subnet masks from /27 to /32 so we use a wildcard of 0.0.0.31. This means the first three octets have to match and the last four bits of the 4th octet. This will allow subnet mask 255.255.255.192, 255.255.255.224, 255.255.255.240, 255.255.255.248, 255.255.255.252, 255.255.255.254 and 255.255.255.255."

    In the above, 255.255.255.192 should be included? Thanks

  4. Hi Shady,

    If you want to enforce one path for outgoing traffic from AS 1 to AS 2 then it's best to influence the attributes. Don't let the router ID decide it. If you want to do this for the entire AS, it's best to configure local preference inbound on R1 and/or R3.

    Rene

Continue the discussion forum.networklessons.com

4 more replies

Participants