Confused on redistribution practice question

vinbuck Member Posts: 785
Was working through practice questions for ROUTE and came across this:

Q. What is the result of the following set of commands

router eigrp 10
redistribute ospf 2 route-map mymap
default-metric 10000 100 255 1 1500

ip access-list extended match-this
permit ip host 192.168.1.0 host 255.255.255.0

route-map mymap deny 10
match ip address match-this

route-map mymap permit 15


I chose..

A) This is not a valid command because the match-this ACL has an invalid host IP address

The "correct" answer is

C) This command filters the specific route for 192.168.1.0 255.255.255.0 and allows all other routes to be redistributed into EIGRP.

It looks like the answer assumes that 255.255.255.0 is the subnet mask for 192.168.1.0 when the ACL defines it as a host IP address. That would make it a Class E address. Am I just missing something?
Cisco was my first networking love, but my "other" router is a Mikrotik...

Comments

  • instant000 Member Posts: 1,745
    Was working through practice questions for ROUTE and came across this:

    Q. What is the result of the following set of commands

    router eigrp 10
    redistribute ospf 2 route-map mymap
    default-metric 10000 100 255 1 1500

    ip access-list extended match-this
    permit ip host 192.168.1.0 host 255.255.255.0

    route-map mymap deny 10
    match ip address match-this

    route-map mymap permit 15

    I chose..

    A) This is not a valid command because the match-this ACL has an invalid host IP address

    The "correct" answer is

    C) This command filters the specific route for 192.168.1.0 255.255.255.0 and allows all other routes to be redistributed into EIGRP.

    It looks like the answer assumes that 255.255.255.0 is the subnet mask for 192.168.1.0 when the ACL defines it as a host IP address. That would make it a Class E address. Am I just missing something?

    That line that begins "permit ip host" appears to be written incorrectly.

    I agree with the answer that you chose.

    With that said, I'm seeing if I can find some route map examples, to corroborate.

    EDIT:

    As I previously said, the problem here (as far as I can determine) is that the ACL is wrongly configured.
    Seems that they could have just used a standard ACL, versus extended, and someone got too trigger happy here, or should have used the "any" keyword.

    Example:
    "permit ip 192.168.1.0 0.0.0.255 any"

    Found some information:
    IP Named ACLs

    IP named ACLs were introduced in Cisco IOS Software Release 11.2. This allows standard and extended ACLs to be given names instead of numbers.
    This is the command syntax format for IP named ACLs.
    ip access-list {extended|standard} name
    This is a TCP example:
    {permit|deny} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log] [time-range time-range-name]
    This is an example of the use of a named ACL in order to block all traffic except the Telnet connection from host 10.1.1.2 to host 172.16.1.1.
    interface Ethernet0/0
     ip address 10.1.1.1 255.255.255.0
     ip access-group in_to_out in
    ip access-list extended in_to_out
     permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • networker050184 Mod Posts: 11,962
    I believe when using the ACL for redistribution in this scenario you can use the host keywords as in the question. Lab it up and give it a try.
    An expert is a man who has made all the mistakes which can be made.
  • vinbuck Member Posts: 785
    instant000 wrote: »
    That line that begins "permit ip host" appears to be written incorrectly.

    I agree with the answer that you chose.

    With that said, I'm seeing if I can find some route map examples, to corroborate.

    EDIT:

    As I previously said, the problem here (as far as I can determine) is that the ACL is wrongly configured.
    Seems that they could have just used a standard ACL, versus extended, and someone got too trigger happy here, or should have used the "any" keyword.

    Example:
    "permit ip 192.168.1.0 0.0.0.255 any"

    Found some information:


    The problem is that technically, 255.255.255.0 isn't an invalid IP address. It is a valid IP in the Class E range. I remember reading somewhere though that most TCP/IP stacks that are written for desktop clients won't process a class E address - so whether or not it is "valid" is debatable. If you try to enter this command into a router, it will take it. What puzzles me is that this command seems to say that all networks between 192.168.1.0 and 255.255.255.0 will be filtered and not redistributed into EIGRP.

    Anyone care to corroborate that?
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • vinbuck Member Posts: 785
    I believe when using the ACL for redistribution in this scenario you can use the host keywords as in the question. Lab it up and give it a try.

    Working on it right now in GNS3 :)
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • jason_lunde Member Posts: 567
    Networker is correct, the syntax in this example is correct. It is the equiv. of:
    ip prefix-list whatever permit 192.168.1.0/24

    You will start getting into these ACLs a bit more when you hit BGP pretty hard. If I can grab a link for you real quick I will.
  • jason_lunde Member Posts: 567
    The problem is that technically, 255.255.255.0 isn't an invalid IP address. It is a valid IP in the Class E range. I remember reading somewhere though that most TCP/IP stacks that are written for desktop clients won't process a class E address - so whether or not it is "valid" is debatable. If you try to enter this command into a router, it will take it. What puzzles me is that this command seems to say that all networks between 192.168.1.0 and 255.255.255.0 will be filtered and not redistributed into OSPF.

    Anyone care to corroborate that?

    Don't think of it in terms of hosts man... you are filtering networks for a routing protocol. That ACL matches exactly 192.168.1.0/24. If you did the ACL with 192.168.1.0 0.0.0.255 you could deny anything within 192.168.1.0 with any mask. If, say, you want to deny someone from advertising you a 192.168.1.0/24 summary and allow the more specific ones, you construct your ACL like the author did here.
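
The matching rule described in the last reply (the ACL's source field is compared with the route's network address, its destination field with the route's subnet mask), modelled in Python as an added example that is not part of the thread. The function names and the route list are constructed for illustration, and the model only handles `ip` entries whose fields are `host A`, `any` or `A wildcard`.

```python
import ipaddress

QUESTION_ACE = "permit ip host 192.168.1.0 host 255.255.255.0"  # from the question
WILDCARD_ACE = "permit ip 192.168.1.0 0.0.0.255 any"            # from the first reply
# Constructed sample of OSPF routes offered for redistribution.
ROUTES = ["192.168.1.0/24", "192.168.1.0/25", "192.168.1.128/25",
          "192.168.2.0/24", "10.0.0.0/8"]

def _take_field(tokens):
    """Consume one address field; return ((address, wildcard), remaining tokens)."""
    if not tokens:
        raise ValueError("missing address field")
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":                      # host A == A 0.0.0.0
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    addr, wildcard = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (addr, wildcard), tokens[2:]

def parse_ace(line):
    """Parse 'permit|deny ip <source> <destination>' into (action, src, dst)."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    src, rest = _take_field(tokens[2:])
    dst, rest = _take_field(rest)
    if rest:
        raise ValueError(f"trailing tokens in entry: {rest}")
    return tokens[0], src, dst

def _field_matches(value, field):
    addr, wildcard = field
    care = ~wildcard & 0xFFFFFFFF                # wildcard bits set to 1 are ignored
    return (value & care) == (addr & care)

def ace_matches_route(ace_line, prefix):
    """Route-filter reading: source vs network address, destination vs mask."""
    _, src, dst = parse_ace(ace_line)
    net = ipaddress.IPv4Network(prefix, strict=True)
    return (_field_matches(int(net.network_address), src)
            and _field_matches(int(net.netmask), dst))

def redistributed(prefixes, permit_ace):
    """Model of mymap: 'deny 10' drops routes the ACL permits, 'permit 15' passes the rest."""
    return [p for p in prefixes if not ace_matches_route(permit_ace, p)]

if __name__ == "__main__":
    print("question ACL :", redistributed(ROUTES, QUESTION_ACE))
    print("wildcard ACL :", redistributed(ROUTES, WILDCARD_ACE))
```

With the ACL from the question only 192.168.1.0/24 is withheld and both /25s still reach EIGRP; with the wildcard form every route whose network address falls in 192.168.1.0 to 192.168.1.255 is withheld regardless of mask.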