Confused on redistribution practice question

vinbuck

Was working through practice questions for ROUTE and came across this:

Q. What is the result of the following set of commands

router eigrp 10
redistribute ospf 2 route-map mymap
default-metric 10000 100 255 1 1500

ip access-list extended match-this
permit ip host 192.168.1.0 host 255.255.255.0

route-map mymap deny 10
match ip address match-this

route-map mymap permit 15

I chose..

A) This is not a valid command because the match-this ACL has an invalid host IP address

The "correct" answer is

C) This command filters the specific route for 192.168.1.0 255.255.255.0 and allows all other routes to be redistributed into EIGRP.

It looks like the answer assumes that 255.255.255.0 is the subnet mask for 192.168.1.0 when the ACL defines it as a host IP address. That would make it a Class E address. Am I just missing something?

instant000

MississippiGuardsman wrote: »

Was working through practice questions for ROUTE and came across this:

Q. What is the result of the following set of commands

router eigrp 10
redistribute ospf 2 route-map mymap
default-metric 10000 100 255 1 1500

ip access-list extended match-this
permit ip host 192.168.1.0 host 255.255.255.0

route-map mymap deny 10
match ip address match-this

route-map mymap permit 15

I chose..

A) This is not a valid command because the match-this ACL has an invalid host IP address

The "correct" answer is

C) This command filters the specific route for 192.168.1.0 255.255.255.0 and allows all other routes to be redistributed into EIGRP.

It looks like the answer assumes that 255.255.255.0 is the subnet mask for 192.168.1.0 when the ACL defines it as a host IP address. That would make it a Class E address. Am I just missing something?

That line that begins "permit ip host" appears to be written incorrectly.

I agree with the answer that you chose.

With that said, I'm seeing if I can find some route map examples, to corroborate.

EDIT:

As I previously said, the problem here (as far as I can determine) is that the ACL is wrongly configured.
Seems that they could have just used a standard ACL, versus extended, and someone got too trigger happy here or, should have used the "any" keyword

Example:
"permit ip 192.168.1.0 0.0.0.255 any"

Found some information:

IP Named ACLs

IP named ACLs were introduced in Cisco IOS Software Release 11.2. This allows standard and extended ACLs to be given names instead of numbers.
This is the command syntax format for IP named ACLs.

ip access-list {extended|standard} name

This is a TCP example:

{permit|deny} tcp source source-wildcard [operator I]port[/I] destination destination-wildcard [operator I]port[/I] [established] [precedence precedence] [tos tos] [log] [time-range time-range-name]

This is an example of the use of a named ACL in order to block all traffic except the Telnet connection from host 10.1.1.2 to host 172.16.1.1.

interface Ethernet0/0 ip address 10.1.1.1 255.255.255.0 ip access-group in_to_out inip access-list extended in_to_out permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet

Source: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#ipnamacl

networker050184

I believe when using the ACL for redistribution in this scenario you can use the host keywords as in the question. Lab it up and give it a try.

vinbuck

instant000 wrote: »

That line that begins "permit ip host" appears to be written incorrectly.

I agree with the answer that you chose.

With that said, I'm seeing if I can find some route map examples, to corroborate.

EDIT:

As I previously said, the problem here (as far as I can determine) is that the ACL is wrongly configured.
Seems that they could have just used a standard ACL, versus extended, and someone got too trigger happy here or, should have used the "any" keyword

Example:
"permit ip 192.168.1.0 0.0.0.255 any"

Found some information:

Source: Configuring IP Access Lists - Cisco Systems

The problem is that technically, 255.255.255.0 isn't an invalid IP address. It is a valid IP in the Class E range. I remember reading somewhere though that most TCP/IP stacks that are written for desktop clients won't process a class E address - so whether or not it is "valid" is debatable. If you try to enter this command into a router, it will take it. What puzzles me is that this command seems to say that all networks between 192.168.1.0 and 255.255.255.0 will be filtered and not redistributed into EIGRP.

Anyone care to corroborate that?

vinbuck

networker050184 wrote: »

I believe when using the ACL for redistribution in this scenario you can use the host keywords as in the question. Lab it up and give it a try.

Working on it right now in GNS3

jason_lunde

Networker is correct, they syntax in this example is correct. It is the equiv. of:
ip prefix-list whatever permit 192.168.1.0/24

You will start getting into these acl's a bit more when you hit BGP pretty hard. If I can grab a link for you real quick I will.

jason_lunde

MississippiGuardsman wrote: »

The problem is that technically, 255.255.255.0 isn't an invalid IP address. It is a valid IP in the Class E range. I remember reading somewhere though that most TCP/IP stacks that are written for desktop clients won't process a class E address - so whether or not it is "valid" is debatable. If you try to enter this command into a router, it will take it. What puzzles me is that this command seems to say that all networks between 192.168.1.0 and 255.255.255.0 will be filtered and not redistributed into OSPF.

Anyone care to corroborate that?

Dont think of it in terms of hosts man...you are filtering networks for a routing protocol. That acl matches exactly 192.168.1.0/24. If you did the acl with 192.168.1.0 0.0.0.255 you could deny anything within 192.168.1.0 with any mask. If say you want to deny someone from advertising you a 192.168.1.0/24 summary and allow the more specific ones you construct your acl like the author did here.