Extended access-list for filtering network Help

Hi

I am trying to use extended access-list for filtering the specific network.

R3 has 3 loopback addresses, 199.172.1.1, 199.172.2.1, 199.172.3.1 (all with a /24 subnet mask). I am trying to allow just 199.172.2.0, filtering the 199.172.1.0 & 199.172.3.0 networks.

Two RIP routers running Ver 2

R2 =========R3

f1/0                f0/0

following config :

R2

interface FastEthernet1/0
 ip address 172.16.23.2 255.255.255.0
 duplex auto
 speed auto
end

router rip
 version 2
 network 172.16.0.0
 distribute-list 100 in FastEthernet1/0
 no auto-summary

Extended IP access list 100
    10 permit ip host 199.172.2.0 host 255.255.255.0 log

=============================================

R1

R3#sh run int lo1
Building configuration...

interface Loopback1
 ip address 199.172.1.1 255.255.255.0
end


interface Loopback2
 ip address 199.172.2.1 255.255.255.0
end

interface Loopback3
 ip address 199.172.3.1 255.255.255.0 

router rip
 version 2
 network 172.16.0.0
 network 199.172.1.0
 network 199.172.2.0
 network 199.172.3.0
 no auto-summary

===================================

I know I am doing something fundamentally wrong. Currently everything is blocked; if I remove the access-list, all the routes appear fine.

Thank you

Viral Patel

Comments

  • I would use a standard ACL: access-list 1 permit host 199.172.2.0.


  • Hi Vilpatel

    The Extended Access-list syntax you are using is used to filter BGP Routes.

    To Filter RIP routes using an extended access-list there is an undocumented method where you match the route source in the source field and route prefix in the destination field.

    So your acl must be like this


    Extended IP access list 100
        10 permit ip host 172.16.23.3 host 199.172.2.0 log

     

    HTH,

    Zeeshan
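
Added example, not part of the thread and not Cisco code: a small Python model of the two ways an extended ACL in a distribute-list is read, the RIP reading described in the answer above (source field = route source, destination field = route prefix) and the BGP reading (source field = network, destination field = mask). Function names are hypothetical; the addresses are the ones in the thread, with 172.16.23.3 taken from the answer's ACL as the update source.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def first_match(acl, src_value, dst_value):
    """Walk the entries in order; no match means the implicit deny."""
    for action, src, src_wc, dst, dst_wc in acl:
        if wc_match(src_value, src, src_wc) and wc_match(dst_value, dst, dst_wc):
            return action == "permit"
    return False

# "host X" is X with wildcard 0.0.0.0
ORIGINAL = [("permit", "199.172.2.0", "0.0.0.0", "255.255.255.0", "0.0.0.0")]
FIXED = [("permit", "172.16.23.3", "0.0.0.0", "199.172.2.0", "0.0.0.0")]

NEIGHBOR = "172.16.23.3"   # update source, as used in the answer's ACL
MASK = "255.255.255.0"     # all three loopbacks are /24
ROUTES = ["199.172.1.0", "199.172.2.0", "199.172.3.0"]

def rip_accepted(acl):
    """RIP reading: source field vs. advertising router, destination vs. prefix."""
    return [p for p in ROUTES if first_match(acl, NEIGHBOR, p)]

def bgp_accepted(acl):
    """BGP reading: source field vs. network address, destination vs. netmask."""
    return [p for p in ROUTES if first_match(acl, p, MASK)]

if __name__ == "__main__":
    print("RIP, original ACL:", rip_accepted(ORIGINAL))  # nothing passes
    print("RIP, fixed ACL:   ", rip_accepted(FIXED))
    print("BGP, original ACL:", bgp_accepted(ORIGINAL))
```

Under the RIP reading the original entry never matches, because no update arrives from a router addressed 199.172.2.0, so every route falls to the implicit deny; the same entry under the BGP reading permits exactly 199.172.2.0/24.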

  • Thanks Dmitriy, but this is part of a lab where I am forced to use an extended access-list.

    It's specifically asking me to use an extended access-list. I just wanted to make sure my extended access-list logic is right.

    Funny thing is that just for the sake of it I used the same access-list for BGP & it worked fine. I was looking for all possible options in case I was prohibited from using a standard access-list.

    Thank you

  • Thank you Zeeshan, I just tested this.

    Everyday you learn something New.
