Hi,

I have a problem to filter routes with an extended access-list.
I would like that the access-list only allow the aggregate route
(10.0.3.0/26) to pass the filter (all subnets int the aggregate must be
blocked).
(I have already see such configuration in the book 'Internet Routing
Architecture' second edition page 314).

If I use the prefix list, it works fine (only the aggregate is
advertised).
If I use the access-list 100 or 110, everything is blocked !!!

What's wrong in my config ???

Thanks a lot for your help.

Here 's the config
interface Loopback0
ip address 10.0.3.33 255.255.255.224
!
interface Loopback1
ip address 10.0.3.65 255.255.255.224
!
interface FastEthernet0/0
ip address 10.0.2.131 255.255.255.192
!
router rip
version 2
redistribute static
network 10.0.0.0
distribute-list prefix PL out FastEthernet0/0
or
distribute-list 100 out FastEthernet0/0
or
distribute-list 110 out FastEthernet0/0
!
ip classless
ip route 10.0.3.0 255.255.255.192 Null0
no ip http server
!
!
ip prefix-list PL seq 5 permit 10.0.3.0/26
access-list 100 permit ip host 10.0.3.0 host 255.255.255.192
access-list 110 permit ip 10.0.3.0 0.0.0.63 host 255.255.255.192

Report this post to a moderator