[c-nsp] BGP/route-map/acl question/logic...
Peter Rathlev
peter at rathlev.dk
Tue Feb 3 03:48:35 EST 2015
On Tue, 2015-02-03 at 09:30 +0100, Gert Doering wrote:
> It's hard to come up with a really useful example, but given that extended
> ACLs match both on prefix base and netmask with wildcard bits, this is
> more flexibility than you'll ever use without your brain blowing up.
>
> access-list 100 permit 10.0.5.0 0.255.0.0 255.255.255.0 0.0.0.255
>
> "for every /24 out of 10/0 that is 10.x.5.0/24, permit /24../32"
>
> do that with a prefix list :-)

On the other hand, almost all people doing this are doing something
wrong. ;-)

And that's _almost_ all of course. Someone very skilled might have a
legitimate purpose for doing exactly this, but OP (and people like me)
are not among those.

I'd say stick to prefix-lists, and then when you can write route-maps in
your sleep from arbitrary policy wishes, but still can't solve a given
problem with prefix-lists, _then_ look at using access-lists. :-)

--
Peter
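
Added example, not part of the original message: a small Python model of how the quoted access-list 100 entry evaluates candidate routes, assuming the usual IOS route-filter reading in which the first address/wildcard pair is compared with the route's network address and the second pair with its netmask. The function names and the sample routes are constructed for illustration.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def acl_matches_route(route, addr, addr_wild, mask, mask_wild):
    """True if `route` matches one extended-ACL entry used as a route filter.

    A wildcard bit of 1 means "don't care"; a 0 bit must match exactly.
    Assumption: addr/addr_wild test the network address, mask/mask_wild
    test the netmask.
    """
    net = ipaddress.ip_network(route, strict=True)
    care_addr = ~_u32(addr_wild) & 0xFFFFFFFF
    care_mask = ~_u32(mask_wild) & 0xFFFFFFFF
    addr_ok = (int(net.network_address) & care_addr) == (_u32(addr) & care_addr)
    mask_ok = (int(net.netmask) & care_mask) == (_u32(mask) & care_mask)
    return addr_ok and mask_ok

# access-list 100 permit 10.0.5.0 0.255.0.0 255.255.255.0 0.0.0.255
ACL_100 = ("10.0.5.0", "0.255.0.0", "255.255.255.0", "0.0.0.255")

# Constructed sample routes, not taken from any real routing table.
SAMPLE_ROUTES = [
    "10.0.5.0/24",    # x = 0, /24
    "10.200.5.0/24",  # x = 200, /24
    "10.7.5.0/25",    # longer mask, network address still ends in .0
    "10.7.5.0/32",    # host route on the .0 address
    "10.7.5.128/25",  # last octet is not 0, so the address test fails
    "10.7.4.0/23",    # third octet and third mask octet both differ
    "10.7.6.0/24",    # third octet is not 5
    "11.7.5.0/24",    # first octet is not 10
    "10.0.0.0/8",     # covering aggregate, mask too short
]

def permitted(routes, ace=ACL_100):
    """Routes from `routes` that the single entry `ace` permits."""
    return [r for r in routes if acl_matches_route(r, *ace)]

if __name__ == "__main__":
    allowed = set(permitted(SAMPLE_ROUTES))
    for r in SAMPLE_ROUTES:
        print(f"{r:16} {'permit' if r in allowed else 'no match'}")
```

Note that 10.7.5.128/25 is not matched even though it lies inside 10.7.5.0/24: the entry fixes the last octet of the network address at 0, which is not the same as a prefix-list "ge 24 le 32" range.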