[c-nsp] BGP/route-map/acl question/logic...
Lukas Tribus
luky-37 at hotmail.com
Tue Feb 3 03:55:47 EST 2015
> I can see "easier to use", but more flexibility - actually, no :-)
>
> It's hard to come up with a really useful example, but given that extended
> ACLs match both on prefix base and netmask with wildcards bits, this is
> more flexibility than you'll ever use without your brain blowing up.
>
> access-list 100 permit 10.0.5.0 0.255.0.0 255.255.255.0 0.0.0.255
>
> "for every /24 out of 10/0 that is 10.x.5.0/24, permit /24../32"
>
> do that with a prefix list :-)
Yes, extended ACLs are more flexible, but not very easy on the eyes.
We are supposed to read, understand and find issues in those configurations
at 03 o'clock in the morning and I don't see this happening with extended ACLs.
Unless you have such a specific requirement like the one above, prefix-lists
are the better tool to do this job.
More information about the cisco-nsp
mailing list