jskfan
Access-List
Any expert to clarify what the access list below does?
R1(config)#access-list 106 permit ip 0.0.0.0 255.255.255.255 255.255.255.192 0.0.0.63
R1(config)#router bgp 1
R1(config-router)#distribute-list 106 in
Thank you
Hi
It means all ip-addresses with a subnet ranging from /26 up to /32 are included in acl 106 which are advertised in bgp 1.
Cheers
Thanks for the clarification, I think I got a little confused with the masking.
So this is being used in lieu of a prefix-list to advertise ge 26?
Could you run through the access-list 106?
0.0.0.0 255.255.255.255 will identify the same as "any"?
Then we have the 255.255.255.192 0.0.0.63, would you be happy to explain how the two correspond to the ge 26 range?
I understand that 255.255.255.192 is equal to /26 but am curious about the wildcard following.
Hi
In an extended ACL we need to break up this part in two
0.0.0.0 255.255.255.255 and 255.255.255.192 0.0.0.63
Here first part is IP address and second part is about the subnet.
So in English, the IP address is 0.0.0.0 and can have 8 bits variance per bit.
About the subnet, 255.255.255.192 is /26 where 255 would be /32. (255-192=63)
So this subnet ranges from 255.255.255.192 up to 255.255.255.255.
Explained in more Cisco language would be.
Bits. 255.255.255.192 would be in hex 11111111.11111111.11111111.11000000 right?
Now focus on the last octet.
11000000 is equal to 128 64 0 0 0 0 0 0 right? So the first two bits are reserved for network.
So if we focus on the host parts aka the zeros would be 0 0 32 16 8 4 2 1 right? Just add them up!
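An added example (not part of the original thread or any poster's code), sketching in Python the matching rule discussed above: when an extended ACL is used as a BGP distribute-list, the source address/wildcard pair is compared with the route's network and the destination address/wildcard pair with the route's netmask. The function names and sample routes are constructed for illustration.

```python
import ipaddress

def wildcard_match(value, base, wildcard):
    """Cisco wildcard compare: bits set to 1 in `wildcard` are ignored."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    care = ~w & 0xFFFFFFFF            # bits that must be equal
    return (v & care) == (b & care)

# access-list 106 from the question, split into its two address/wildcard pairs.
ACL_106 = {
    "net":  ("0.0.0.0", "255.255.255.255"),    # tested against the route's network
    "mask": ("255.255.255.192", "0.0.0.63"),   # tested against the route's netmask
}

def acl_permits(route, acl=ACL_106):
    """True if the route (network/length) passes both halves of the ACL entry."""
    net = ipaddress.ip_network(route)
    return (wildcard_match(str(net.network_address), *acl["net"])
            and wildcard_match(str(net.netmask), *acl["mask"]))

def permitted_lengths(acl=ACL_106):
    """Prefix lengths 0..32 whose netmask passes the mask half of the ACL."""
    lengths = []
    for n in range(33):
        netmask = str(ipaddress.ip_network(f"0.0.0.0/{n}").netmask)
        if wildcard_match(netmask, *acl["mask"]):
            lengths.append(n)
    return lengths

def filter_routes(routes, acl=ACL_106):
    """Routes kept by the filter; the rest hit the ACL's implicit deny."""
    return [r for r in routes if acl_permits(r, acl)]

# Constructed sample routes (private and documentation ranges).
SAMPLE_ROUTES = [
    "10.0.0.0/8", "172.16.4.0/24", "192.0.2.0/25",
    "192.0.2.64/26", "198.51.100.8/30", "203.0.113.7/32",
]

if __name__ == "__main__":
    print("prefix lengths permitted:", permitted_lengths())
    for r in SAMPLE_ROUTES:
        print(f"{r:18} {'permit' if acl_permits(r) else 'deny'}")
```

The wildcard 0.0.0.63 frees the last six mask bits, so every contiguous netmask from 255.255.255.192 to 255.255.255.255 passes, which is the same set of prefix lengths that `0.0.0.0/0 ge 26` selects in a prefix-list.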
Thanks Patrick, Much appreciated.
I'm assuming that the use of access-lists over prefix-lists in this case may be due to IOS version, or simply preference?
For example, would "ip prefix-list 10 permit 0.0.0.0/0 ge 26" accomplish the same function, when applied with "distribute-list prefix 10 in"?
Apologies for semi-sabotaging this question.
ASKER
Thanks for Multi tasking Patrick (:-)
Chris hijacked the question
Well I know 255.255.255.192 is /26
but where does it say /26 to /32 ?
255.255.255.192 0.0.0.63 means /26 to /32
ASKER
This 255.255.255.192 : means /26
and this also
0.0.0.63 : means /26
which one is /32 ?
0.0.0.0 255.255.255.255 : this says permit any network
Do you understand the basics of subnetting and the difference between bits assigned to the network and bits assigned to the hosts, or in this case the variance?
And did you read my explanation to chris about bits to hex?
If yes, do you understand the principle?
If not, I will try to explain it later. Me and the missus are in a restaurant.
Cheers
JSKFan,
You might want to look at the following:
VLSM (Variable length subnet masking):
https://technet.microsoft.com/en-us/library/cc958815.aspx
Configuring IP access-lists:
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
Wildcard masks:
https://en.wikipedia.org/wiki/Wildcard_mask
A /26 prefix would give a subnet mask of 255.255.255.192, and a wildcard mask is the inverse, 0.0.0.63 (a neat trick to work out the inverse is to work out 255 minus the subnet octet: 255 - 255 = 0, so 0.0.0., and then the final octet is 255 - 192 = 63, giving 0.0.0.63).
This tool is pretty useful for subnetting and wildcards:
http://www.subnet-calculator.com/
Learning the binary rules can be very useful indeed in subnetting and therefore most aspects of networking.
Regards
ASKER
Well explained, Craig. The /32 is on this one:
192+63 gives us 255
ASKER
Thank you
The access-list allows ANY source (0.0.0.0 255.255.255.255) traffic using IP (Internet protocol) to the destination 255.255.255.192 with netmask 255.255.255.192. This statement doesn't make sense to me as 255.255.255.192 is a subnet mask and not a likely destination address. The 0.0.0.63 is a wildcard address (the inverse of a netmask).
There is an implicit deny statement at the end of your access-list, so all traffic not included in the permit statement will not be routed using BGP. It would seem to me that all routes are being filtered.
It would seem to me that the commands you show allow for any address to be routed to any address in the range 255.255.255.192 - 255.255.255.255, and all else will not be routed. (I suspect nothing would be routed using BGP AS 1 because of this list.)
I have noticed that your BGP number is 1; this should be the autonomous system (AS) number. As BGP is an external gateway protocol, it's important to make sure that this AS number is correct.