beautypg.com

Brocade TurboIron 24X Series Configuration Guide User Manual

Page 667

background image

Brocade TurboIron 24X Series Configuration Guide

633

53-1003053-01

Configuring OSPF

The parameter specifies the source address for the policy. Since this ACL is input to an
OSPF distribution list, the parameter actually is specifying the destination network of
the route.

The parameter specifies the portion of the source address to match against. The
is in dotted-decimal notation (IP address format). It is a four-part value, where each
part is 8 bits (one byte) separated by dots, and each bit is a one or a zero. Each part is a number
ranging from 0 to 255, for example 0.0.0.255. Zeros in the mask mean the packet source address
must match the . Ones mean any value matches. For example, the and
values 10.4.0.0 0.255.255.255 mean that all 10.4.x.x networks match the ACL.

If you want the policy to match on all destination networks, enter any any.

If you prefer to specify the wildcard (mask value) in Classless Interdomain Routing (CIDR) format,
you can enter a forward slash after the IP address, then enter the number of significant bits in the
mask. For example, you can enter the CIDR equivalent of “10.4.0.0 0.255.255.255” as
“10.4.0.0/8”. The CLI automatically converts the CIDR number into the appropriate ACL mask
(where zeros instead of ones are the significant bits) and changes the non-significant portion of the
IP address into zeros.

NOTE

If you enable the software to display IP subnet masks in CIDR format, the mask is saved in the file in
“/” format. To enable the software to display the CIDR masks, enter the ip
show-subnet-length command at the global CONFIG level of the CLI. You can use the CIDR format
to configure the ACL entry regardless of whether the software is configured to display the masks in
CIDR format.

If you use the CIDR format, the ACL entries appear in this format in the running-config and
startup-config files, but are shown with subnet mask in the display produced by the show ip
access-list command.

Using an extended ACL as input to the distribution list
You can use an extended ACL with an OSPF distribution list to filter OSPF routes based on the
network mask of the destination network.

To use an extended ACL to configure an OSPF distribution list for denying specific routes, enter
commands such as the following.

The first three commands configure an extended ACL that denies routes to any 10.4.x.x destination
network with a 255.255.0.0 network mask and allows all other routes for eligibility to be installed
in the IP route table. The last three commands change the CLI to the OSPF configuration level and
configure an OSPF distribution list that uses the ACL as input. The distribution list prevents routes
to any 10.4.x.x destination network with network mask 255.255.0.0 from entering the IP route
table. The distribution list does not prevent the routes from entering the OSPF database.

Syntax: [no] ip access-list extended |

Syntax: deny | permit

TurboIron(config)#ip access-list extended no_ip

TurboIron(config-ext-nACL)#deny ip 10.4.0.0 0.255.255.255 255.255.0.0

0.0.255.255

TurboIron(config-ext-nACL)#permit ip any any

TurboIron(config-ext-nACL)#exit

TurboIron(config)#router ospf

See also other documents in the category Brocade Computer Accessories: