RIPv2 Filtering with Extended Access-Lists

The solution for this task doesn't fulfil the requirement as accurately as most of the technology labs. The task says that "routes for VLAN 7 and VLAN 9 are accepted only from R1" whereas the solution just stops those routes from being learnt from R3.

If R4's connection to VLAN 146 was enabled, then the solution wouldn't work as they would be learnt through both of R5's connections to R4.

This is what worked for me and still worked when R4's connection to VLAN 146 was enabled:

 

access-list 100 permit ip host 155.1.0.1 host 155.1.7.0
access-list 100 permit ip host 155.1.0.1 host 155.1.9.0
access-list 100 deny   ip any host 155.1.7.0
access-list 100 deny   ip any host 155.1.9.0
access-list 100 permit ip host 155.1.0.3 host 150.1.1.1
access-list 100 permit ip host 155.1.0.3 host 155.1.146.0
access-list 100 deny   ip any host 150.1.1.1
access-list 100 deny   ip any host 155.1.146.0
access-list 100 permit ip any any

router rip
 distribute-list 100 in Tunnel0
 distribute-list 100 in e0/1.45


Cheers, Dom
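A small model of how ACL 100 above is evaluated when it is applied as a RIP distribute-list, where the source field is matched against the neighbor that sent the update and the destination field against the advertised prefix. This is an added example, not part of the original post or the lab's solution. Assumptions: 155.1.0.1 is R1 and 155.1.0.3 is R3, the R4 address 155.1.45.4 is a constructed placeholder, and ACL 101 is a constructed stand-in for a filter that only stops the routes from R3.

```python
import ipaddress

# ACL 100 exactly as posted above.
POSTED_ACL = """
access-list 100 permit ip host 155.1.0.1 host 155.1.7.0
access-list 100 permit ip host 155.1.0.1 host 155.1.9.0
access-list 100 deny   ip any host 155.1.7.0
access-list 100 deny   ip any host 155.1.9.0
access-list 100 permit ip host 155.1.0.3 host 150.1.1.1
access-list 100 permit ip host 155.1.0.3 host 155.1.146.0
access-list 100 deny   ip any host 150.1.1.1
access-list 100 deny   ip any host 155.1.146.0
access-list 100 permit ip any any
"""
# Constructed stand-in for "only stop the routes from R3" (not the lab's solution).
R3_ONLY_ACL = """
access-list 101 deny ip host 155.1.0.3 host 155.1.7.0
access-list 101 deny ip host 155.1.0.3 host 155.1.9.0
access-list 101 permit ip any any
"""
# Assumed neighbor addresses; R4's address is a constructed placeholder.
NEIGHBORS = {"R1": "155.1.0.1", "R3": "155.1.0.3", "R4": "155.1.45.4"}

def parse_acl(text):
    """Turn 'access-list N permit|deny ip SRC DST' lines into (action, src, dst)."""
    rules = []
    for line in text.strip().splitlines():
        action, _proto, *rest = line.split()[2:]
        fields = []
        while rest:  # each field is either 'any' or 'host A.B.C.D'
            fields.append(None if rest[0] == "any" else ipaddress.ip_address(rest[1]))
            rest = rest[1:] if rest[0] == "any" else rest[2:]
        rules.append((action, fields[0], fields[1]))
    return rules

def accepts(rules, update_source, prefix):
    """First matching entry wins; an ACL ends with an implicit deny."""
    src, dst = ipaddress.ip_address(update_source), ipaddress.ip_address(prefix)
    for action, want_src, want_dst in rules:
        if want_src in (None, src) and want_dst in (None, dst):
            return action == "permit"
    return False

def learned_from(acl_text, prefix):
    """Names of the neighbors whose advertisement of `prefix` passes the filter."""
    rules = parse_acl(acl_text)
    return [name for name, ip in NEIGHBORS.items() if accepts(rules, ip, prefix)]

if __name__ == "__main__":
    for p in ("155.1.7.0", "155.1.9.0", "150.1.1.1", "155.1.146.0"):
        print(p, learned_from(POSTED_ACL, p), learned_from(R3_ONLY_ACL, p))
```
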

Comments

  • Hi,

    Technically you're right, but at the same time, you're overthinking the task. Prior to starting going through the task, you had to load the initial config for this section and yes, the initial config had R4's VLAN 146 in shutdown mode.

    The task is trying to illustrate how extended ACLs can be used for prefix-filtering, nothing more. Imagine that for this task there is another, third bullet that says:

    • you are not permitted to modify any routing protocol boundaries state as found in the initial config

    Hopefully this makes more sense now, thanks for your input.
