RE: is a prefix-list an access-list

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Sep 22 2003 - 13:47:46 GMT-3


Daniel,

        No, a prefix-list is not an access-list. A prefix-list should
be used, as the name implies, when you are trying to match a routing
prefix. There is rarely a case where you would want to use an
access-list to match a routing prefix. These rare cases include when
you want to match on random bit patterns such as odd/even routes,
prefixes which are factors of 32, etc.

        An access-list should be used when you are filtering actual
traffic, such as denying hosts' ability to FTP to server w.x.y.z, etc.
A prefix-list should be used when you are filtering a routing prefix.
This is mainly due to the fact that an access-list cannot be used to
match on prefix-length (subnet mask), but instead matches only on prefix
(network). Of course there are exceptions to every rule, so I must
mention the extended ACL application so I don't get any flames :)

        An extended ACL *can* be used to match on a prefix/length pair
when applied to BGP. The syntax is as follows:

access-list [number] [permit | deny] ip host [prefix] host [prefix-length]

Example:

access-list 100 permit ip host 10.0.0.0 host 255.0.0.0

Is synonymous to:

ip prefix-list 100 permit 10.0.0.0/8

        However, the above is legacy syntax, and was only implemented as
a workaround before the prefix-list was supported.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Danny.Andaluz@triaton-na.com
> Sent: Monday, September 22, 2003 10:08 AM
> To: rsg@synergy-networking.co.uk; dansheedy@gmx.net;
> ccielab@groupstudy.com
> Subject: RE: is a prefix-list an access-list
>
> I think this may be something that the proctor would expect you to know.
> Either it is or it isn't. I've been looking on the web for the answer to
> this for some time and can't find one.
>
> -----Original Message-----
> From: R&S Groupstudy [mailto:rsg@synergy-networking.co.uk]
> Sent: Monday, September 22, 2003 10:59 AM
> To: 'Daniel Sheedy'; ccielab@groupstudy.com
> Subject: RE: is a prefix-list an access-list
>
>
> If in doubt, ask the proctor
>
> I think you need to ask yourself, is there another way of doing this
> question without using an access-list, and if the answer's yes, then that
> (could be) your solution.
>
> ..... good luck
>
> > -----Original Message-----
> > From: Daniel Sheedy [SMTP:dansheedy@gmx.net]
> > Sent: Monday, September 22, 2003 3:36 PM
> > To: ccielab@groupstudy.com
> > Subject: is a prefix-list an access-list
> >
> > Hi Guys,
> >
> > Trying to get my head around the differences here. Maybe it's just a
> > matter of semantics, or wording...
> >
> > If we are told in a lab exercise "do not use an access-list", does
> > that rule out a prefix list?
> >
> > Are they one and the same, or totally different animals?
> > I mean, if I put the following, am I technically using an access list,
> > or not?
> >
> > ip prefix-list loopallow seq 5 permit 192.168.1.0/24
> >
> > route-map loops permit 10
> > match ip address prefix-list loopallow
> >
> > Or is it too close to an access list to risk it?
> >
> > I've had a search through the Doc CD plus a few books, but can't seem
> > to find a definitive answer about this.
> >
> > Regards,
> >
> > Daniel Sheedy
> >
> >
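
The matching difference described in Brian McGahan's reply at the top of this thread, as an added example that is not part of the original messages: a Python model of how a standard ACL, the extended-ACL host/host form and a prefix-list each test a route. The route list and the standard ACL entry `access-list 1 permit 10.0.0.0` are constructed for illustration; the other two entries are the ones quoted in the reply.

```python
import ipaddress

def _wc_eq(value, pattern, wildcard):
    """Cisco wildcard compare: bits set in the wildcard are 'don't care'."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(value) & care) == (int(ipaddress.ip_address(pattern)) & care)

def std_acl_match(route, addr, wildcard="0.0.0.0"):
    """Standard ACL as a route filter: only the network address is tested,
    so the route's prefix-length never enters the comparison."""
    net = ipaddress.ip_network(route)
    return _wc_eq(net.network_address, addr, wildcard)

def ext_acl_match(route, addr, mask, addr_wc="0.0.0.0", mask_wc="0.0.0.0"):
    """Extended ACL applied to BGP: the 'source' field is tested against the
    prefix and the 'destination' field against the subnet mask.
    'host x' is shorthand for x with wildcard 0.0.0.0."""
    net = ipaddress.ip_network(route)
    return (_wc_eq(net.network_address, addr, addr_wc)
            and _wc_eq(net.netmask, mask, mask_wc))

def prefix_list_match(route, entry):
    """Prefix-list entry of the form a.b.c.d/len as shown in the thread:
    prefix and length must both match exactly."""
    return ipaddress.ip_network(route) == ipaddress.ip_network(entry)

# Constructed sample routes (not from the thread).
ROUTES = ["10.0.0.0/8", "10.0.0.0/16", "10.0.0.0/24",
          "10.1.0.0/16", "192.168.1.0/24"]

def compare(routes=ROUTES):
    """Per route: (standard ACL, extended ACL host/host, prefix-list)."""
    return {
        r: (
            std_acl_match(r, "10.0.0.0"),               # access-list 1 permit 10.0.0.0 (constructed)
            ext_acl_match(r, "10.0.0.0", "255.0.0.0"),  # access-list 100 permit ip host 10.0.0.0 host 255.0.0.0
            prefix_list_match(r, "10.0.0.0/8"),         # ip prefix-list 100 permit 10.0.0.0/8
        )
        for r in routes
    }

if __name__ == "__main__":
    print(f"{'route':<18}{'std ACL':<10}{'ext ACL':<10}{'prefix-list'}")
    for route, (std, ext, pfx) in compare().items():
        print(f"{route:<18}{str(std):<10}{str(ext):<10}{pfx}")
```

The standard ACL permits 10.0.0.0/16 and 10.0.0.0/24 along with 10.0.0.0/8 because they share a network address, while the extended ACL form and the prefix-list permit only the /8.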


