[c-nsp] BGP/route-map/acl question/logic...

Gert Doering gert at greenie.muc.de
Tue Feb 3 03:30:21 EST 2015


Hi,

On Tue, Feb 03, 2015 at 08:39:09AM +0100, Lukas Tribus wrote:
> > route-map UPSTREAM_A_IN permit 10
> > match ip address 98
> 
> I would strongly suggest using prefix-lists instead of access-lists, they are
> made on purpose to match prefixes, are a lot easier to use and provide
> much more flexibility.

I can see "easier to use", but more flexibility - actually, no :-)

It's hard to come up with a really useful example, but given that extended
ACLs match both on prefix base and netmask with wildcard bits, this is
more flexibility than you'll ever use without your brain blowing up.

access-list 100 permit ip 10.0.5.0 0.255.0.0 255.255.255.0 0.0.0.255

"for every /24 out of 10/0 that is 10.x.5.0/24, permit /24../32"

do that with a prefix list :-)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
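
Added example, not part of the original message: a small Python model of how an extended ACL entry is evaluated against a route when used in a route-map. It assumes the usual IOS route-filter semantics (source address/wildcard compared with the prefix's network address, destination address/wildcard compared with its netmask); the entry from the message is written with the "ip" protocol keyword, and ACL 101 and the sample prefixes are constructed for illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(value, base, wildcard):
    # A 1 bit in the wildcard means "don't care"; compare only the 0 bits.
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (base & care)

def parse_ace(line):
    # Accepts only: access-list N permit|deny ip SRC SRC-WC DST DST-WC
    tok = line.split()
    if (len(tok) != 8 or tok[0] != "access-list"
            or tok[2] not in ("permit", "deny") or tok[3] != "ip"):
        raise ValueError(f"unsupported ACE: {line!r}")
    return tok[2], [to_int(t) for t in tok[4:]]

def ace_matches(ace, prefix):
    # Assumed route-filter semantics: source pair is compared with the
    # prefix's network address, destination pair with its netmask.
    src, src_wc, dst, dst_wc = ace[1]
    net = ipaddress.IPv4Network(prefix)  # rejects prefixes with host bits set
    return (wildcard_match(int(net.network_address), src, src_wc)
            and wildcard_match(int(net.netmask), dst, dst_wc))

def filter_routes(acl_lines, prefixes):
    # First matching entry decides; no match is the implicit deny.
    aces = [parse_ace(line) for line in acl_lines]
    return {p: next((a[0] for a in aces if ace_matches(a, p)), "deny")
            for p in prefixes}

# The entry from the message, with the "ip" protocol keyword.
ACL_100 = ["access-list 100 permit ip 10.0.5.0 0.255.0.0 255.255.255.0 0.0.0.255"]
# Constructed entry: any prefix inside 10/8 whose mask is exactly /24.
ACL_101 = ["access-list 101 permit ip 10.0.0.0 0.255.255.255 255.255.255.0 0.0.0.0"]
# Constructed sample prefixes, as they might arrive in BGP updates.
SAMPLE = ["10.1.5.0/24", "10.200.5.0/28", "10.7.5.0/32", "10.1.5.128/25",
          "10.1.6.0/24", "10.1.4.0/23", "192.168.5.0/24"]

if __name__ == "__main__":
    for name, acl in (("100", ACL_100), ("101", ACL_101)):
        for prefix, action in filter_routes(acl, SAMPLE).items():
            print(f"acl {name}: {prefix:<16} {action}")
```

Under these semantics 10.1.5.128/25 is not matched by ACL 100, because its network address is not of the form 10.x.5.0.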