Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x

711

712

713

714

715

716

717

718

719

720

684 PowerConnect B-Series TI24X Configuration Guide

53-1002269-02

Configuring OSPF

The <source-ip> parameter specifies the source address for the policy. Since this ACL is input to an

OSPF distribution list, the <source-ip> parameter actually is specifying the destination network of

the route.

The <wildcard> parameter specifies the portion of the source address to match against. The

<wildcard> is in dotted-decimal notation (IP address format). It is a four-part value, where each

part is 8 bits (one byte) separated by dots, and each bit is a one or a zero. Each part is a number

ranging from 0 to 255, for example 0.0.0.255. Zeros in the mask mean the packet source address

must match the <source-ip>. Ones mean any value matches. For example, the <source-ip> and

<wildcard> values 4.0.0.0 0.255.255.255 mean that all 4.x.x.x networks match the ACL.

If you want the policy to match on all destination networks, enter any any.

If you prefer to specify the wildcard (mask value) in Classless Interdomain Routing (CIDR) format,

you can enter a forward slash after the IP address, then enter the number of significant bits in the

mask. For example, you can enter the CIDR equivalent of “4.0.0.0 0.255.255.255” as “4.0.0.0/8”.

The CLI automatically converts the CIDR number into the appropriate ACL mask (where zeros

instead of ones are the significant bits) and changes the non-significant portion of the IP address

into zeros.

NOTE

If you enable the software to display IP subnet masks in CIDR format, the mask is saved in the file in

“/<mask-bits>” format. To enable the software to display the CIDR masks, enter the ip

show-subnet-length command at the global CONFIG level of the CLI. You can use the CIDR format

to configure the ACL entry regardless of whether the software is configured to display the masks in

CIDR format.

If you use the CIDR format, the ACL entries appear in this format in the running-config and

startup-config files, but are shown with subnet mask in the display produced by the show ip

access-list command.

Using an extended ACL as input to the distribution list

You can use an extended ACL with an OSPF distribution list to filter OSPF routes based on the

network mask of the destination network.

To use an extended ACL to configure an OSPF distribution list for denying specific routes, enter

commands such as the following.

The first three commands configure an extended ACL that denies routes to any 4.x.x.x destination

network with a 255.255.0.0 network mask and allows all other routes for eligibility to be installed

in the IP route table. The last three commands change the CLI to the OSPF configuration level and

configure an OSPF distribution list that uses the ACL as input. The distribution list prevents routes

to any 4.x.x.x destination network with network mask 255.255.0.0 from entering the IP route table.

The distribution list does not prevent the routes from entering the OSPF database.

Syntax: [no] ip access-list extended <ACL-name> | <ACL-id>

Syntax: deny | permit <ip-protocol> <source-ip> <wildcard> <destination-ip> <wildcard>

PowerConnect(config)# ip access-list extended no_ip

PowerConnect(config-ext-nACL)# deny ip 4.0.0.0 0.255.255.255 255.255.0.0

0.0.255.255

PowerConnect(config-ext-nACL)# permit ip any any

PowerConnect(config-ext-nACL)# exit

PowerConnect(config)# router ospf