Re: access-lists vs. prefix-lists

From: Carlos G Mendioroz (tron@huapi.ba.ar)
Date: Tue Mar 15 2005 - 21:59:19 GMT-3

• Next message: Dillon Yang: "Re: tclsh Tips for the lab?"
• Previous message: Capt.Spock: "Re: Form of Workbook"
• Maybe in reply to: John Matus: "access-lists vs. prefix-lists"
• Next in thread: Carlos G Mendioroz: "Re: access-lists vs. prefix-lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

John,
there are differences, some of wich can be dealt with, but prefix lists
are simpler to use when you are trying to deal with routes.

In your example with ACL 5, your acl would let go:
192.168.1.0/24
192.168.1.0/25
192.168.1.0/26
...
192.168.1.128/25
192.168.1.128/26
...
but the prefix list would only let 192.168.1.0/24.

Some routing protocols do accept extended ACLs to care about masks, like

access-list 105 permit 192.168.1.0 0.0.0.0 255.255.255.0 0.0.0.0

which would be an exact match of the example prefix list.

Hope this helps.

John Matus wrote:
> Prefix-list vs. access-list question
>
> Im a bit confused about the functionality of prefix-lists vs.
> access-lists. While Im aware that prefix-lists seem to have some added
> granularity Im a bit stumped as to when it is best practice to use one
> vs. the other. Here are a few examples of each
>
>
> EXAMPLE 1
> Router os 1
> Default-information originate route-map conditional
> -------------------------------------------
>
> Route-m conditional permit 10
> Match ip address prefix 5
>
> Ip prefix-list 5 permit 192.168.1.0/24
>
> OR
> Route-m conditional permit 10
> Match ip add 5
>
> Access-list 5 permit 192.168.1.0 0.0.0.255
>
> EXAMPLE 2
>
> Router rip
> Redistribute ospf 1 metric 1 route-map o2r
> -------------------------------------------
>
> Route-map o2r permit 10
> Match ip add prefix-list 5
>
> Access-list 5 permit 192.168.1.0 0.0.0.0.255
>
> OR
>
> Route-map o2r permit 10
> Match ip address prefix-list 5
>
> Ip prefix-list 5 permit 192.168.1.0/24
>
> Do both methods accomplish exactly the same thing or is the matching
> mechanism different in access and prefix lists?
>
> _________________________________________________________________
> Dont just search. Find. Check out the new MSN Search!
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Carlos G Mendioroz  <tron@huapi.ba.ar>  LW7 EQI  Argentina

• Next message: Dillon Yang: "Re: tclsh Tips for the lab?"
• Previous message: Capt.Spock: "Re: Form of Workbook"
• Maybe in reply to: John Matus: "access-lists vs. prefix-lists"
• Next in thread: Carlos G Mendioroz: "Re: access-lists vs. prefix-lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:46 GMT-3