Distribute list access list question

DevilWAH Member Posts: 2,997
Can someone tell me what this access list would be doing?

Why would you configure a list to deny "any to any host" and then allow "ip any"? What effect does this have?

I am just looking at a router that I have taken over, and before I make changes I was wondering why this has been done. Can anyone tell me what enabling this will actually be doing?

router ospf 100
 router-id ########
 redistribute connected
 redistribute static subnets route-map STOPUPDATE
 network ####### 0.0.0.1 area 0
 network ######2 0.0.0.1 area 0
 neighbor #######1
 neighbor #######2
 neighbor #######3
 distribute-list 110 in
!
!
access-list 110 deny   ip host 0.0.0.0 host 0.0.0.0
access-list 110 permit ip any any


cheers
  • If you can't explain it simply, you don't understand it well enough. Albert Einstein
  • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.

Comments

  • ingrown Registered Users Posts: 1
    Looks to me like it is just blocking a default route from coming in via OSPF.
  • wave Member Posts: 342
    ingrown wrote: »
    Looks to me like it is just blocking a default route from coming in via OSPF.

    I second this.

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • MrBishop Member Posts: 229
    Actually, I think it's actually blocking its own networks from coming back into the network. The 0.0.0.0 means "this network", so it's stopping its own private networks from coming back in (looping, I guess).

    Reference:
    RFC 3330 - Special-Use IPv4 Addresses
    Degrees
    M.S. Internet Engineering | M.S. Information Assurance
    B.S. Information Technology | A.A.S Information Technology
    Certifications
    Currently pursuing: CCIE R&Sv5
  • networker050184 Mod Posts: 11,962
    That's not the case here MrBishop. When you use an extended access-list with the distribute list you specify the network and mask. This 0/0 will match a default route as pointed out by others.
    An expert is a man who has made all the mistakes which can be made.
  • DevilWAH Member Posts: 2,997
    Of course, now you say it, that jogs an old memory buried down in there :)

    I tell you, this network is so convoluted in how it's been set up; it'll be fun tidying it all up though.

    Cheers Guys
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.
  • MrBishop Member Posts: 229
    I'm going to keep believing that the purpose of this config is to stop any networks that are associated with its connected interfaces from being redistributed (updated) back into the network from other neighbors. I could be wrong, but I'm working on finding out the correct answer.
    Degrees
    M.S. Internet Engineering | M.S. Information Assurance
    B.S. Information Technology | A.A.S Information Technology
    Certifications
    Currently pursuing: CCIE R&Sv5
  • networker050184 Mod Posts: 11,962
    You are more than free to believe what you want, but in this instance you are mistaken. Fire up a quick lab in GNS3 and let us know the results!
    An expert is a man who has made all the mistakes which can be made.
  • wave Member Posts: 342
    MrBishop wrote: »
    I'm going to keep believing that the purpose of this config is to stop any networks that are associated with its connected interfaces from being redistributed (updated) back into the network from other neighbors. I could be wrong, but I'm working on finding out the correct answer.

    If it were to do that, the ACL would not include the host parameter. The above statement does an exact match on 0.0.0.0.

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
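To make the match rule from networker050184's and wave's replies concrete, the following is an added example (not from the thread or from Cisco) that models how a distribute-list evaluates an extended ACL: the source field is matched against the route's network prefix and the destination field against its subnet mask, so `host 0.0.0.0 host 0.0.0.0` matches only 0.0.0.0/0. The ACL entries are a constructed transcription of access-list 110 from the original post.

```python
import ipaddress

# Constructed transcription of access-list 110 from the thread, as
# (action, src, src_wildcard, dst, dst_wildcard).
# In a distribute-list an extended ACL entry is interpreted as:
#   source address/wildcard      -> matched against the route's network prefix
#   destination address/wildcard -> matched against the route's subnet mask
# "host X" is X with wildcard 0.0.0.0; "any" is 0.0.0.0 with wildcard 255.255.255.255.
ACL_110 = [
    ("deny",   "0.0.0.0", "0.0.0.0",         "0.0.0.0", "0.0.0.0"),          # deny ip host 0.0.0.0 host 0.0.0.0
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),  # permit ip any any
]


def _wildcard_match(value: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    v = int(ipaddress.IPv4Address(value))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (v & ~w) == (b & ~w)


def distribute_list_action(acl, prefix: str) -> str:
    """Return 'permit' or 'deny' for a route (e.g. '10.1.1.0/24') against the ACL."""
    net = ipaddress.IPv4Network(prefix, strict=False)
    network = str(net.network_address)
    mask = str(net.netmask)
    for action, src, src_wc, dst, dst_wc in acl:
        if _wildcard_match(network, src, src_wc) and _wildcard_match(mask, dst, dst_wc):
            return action          # first matching entry wins
    return "deny"                  # implicit deny at the end of every ACL


def filter_routes(acl, prefixes):
    """Routes that survive 'distribute-list <acl> in' with the given ACL."""
    return [p for p in prefixes if distribute_list_action(acl, p) == "permit"]


if __name__ == "__main__":
    # Constructed sample of routes an OSPF neighbor might advertise.
    incoming = ["0.0.0.0/0", "10.1.1.0/24", "0.0.0.0/8", "192.168.10.0/23"]
    print(filter_routes(ACL_110, incoming))  # default route is dropped, the rest pass
```

Only the exact 0.0.0.0/0 entry is denied; 0.0.0.0/8 still passes because its mask 255.0.0.0 does not match `host 0.0.0.0` in the destination field.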