1 Application of distribute-list for routing purposes of control
1.configuring distribute-list has two kinds, ws-c2960-48pst-l price one is based on the out direction;one is based on the in direction;
For outbound updates:
Distribute-list {access-list-number | name} out
For inbound updates:
Distribute-list [access-list-number name [route-map map-tag] in | |] [interface-type
Interface-number]
Summary: in distribute-list if you want to influence me "myself" using “in”, influence "others" using “out”.
Supplement: the
knowledge about ACL
Requirements: the following IP address to a
minimum range of match ofstrategy
199.172.000000100.0/24
4
199.172.000000101.0/24
5
199.172.000000110.0/24
6
199.172.000000111.0/24
7
Question:
for the above address how to write ACL? There
are anti mask theiris how much is the most appropriate?
Answer: for
the above address third eight bit aligned with calculation is only for one or 0
All the
above address third eight can be written as: 00000100; converted todecimal 4, anti mask third eight: 00000011 (which is the same for the 0different 1) converted
to decimal 3
All in all, written in standard ACL: access-list 1 permit 199.172.4.0 0.0.3 .0
Example: 199.172.000000000.0/24 0
199.172.000000001.0/24
1
Low
199.172.000000011.0/24
3
199.172.000010000.0/24
16
199.172.000010001.0/24
17
199.172.000010010.0/24
18
199.172.000010011.0/24
19
In this case the first third eight 00000000 0 third eight, anti mask bit is 000010011 or 19, so in the standard
ACL written:
#access-list
1 permit 199.172.0.0 0.0.19 .0
Only in this
way can we guarantee the minimum range filtering, of course, the use of distribute-list earlier to do acl.
Advice: try
to use the ACL application please named ACL, buy ws-c3750x-48t-s because in the larger network if you write a lot of ACL, not convenient to manage, and named ACL can avoid this defect.
http://hometuitionvideo.com/members/manageBlog.php
没有评论:
发表评论