RE: Can I always use access-list with distribute-list?

From: mgreenlee@ipexpert.com
Date: Fri Apr 18 2008 - 01:39:25 ART

• Next message: Thomas Fowles: "Re: When configuring MPLS VPNs, and you accidentally type ipv4"
• Previous message: darth router: "When configuring MPLS VPNs, and you accidentally type ipv4"
• Maybe in reply to: Moses Polalysa: "Can I always use access-list with distribute-list?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

See also the references for matching mask length by using an extended access
list.

Cisco - BGP - Filtering using distribute list with an extended ACL -

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801310cb
.shtml#acclists

Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com
 
IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand
and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab
Certifications.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tarun
Sent: Thursday, April 17, 2008 10:31 PM
To: Moses Polalysa
Cc: Cisco certification
Subject: Re: Can I always use access-list with distribute-list?

Option 1 - Situation when you can use both a prefix-list & a access-list.

Let's say if you want to match any class C prefix - You can use an
access-list like this for this purpose 'ip access-list 1 permit 192.0.0.0
31.0.0.0' - This would match any class C prefix irrespective of it's subnet
mask length.

The same can be done using a prefix-list 'ip prefix CLASS_C permit
192.0.0.0/3 le 32

Option 2 - Situation when you can use only a prefix-list.

Let's say you want to match only the class C prefixes with a subnet mask of
length 24bits to 32bits - You cannot match on subnet mask length in an
access-list.
The prefix list used in this situation would be 'ip prefix CLASS_C permit
192.0.0.0/3 ge 24 le 32'

Conclusion - Prefix lists are much more stronger than access-lists.

Access-lists can match only on prefix patterns, they do not match the subnet
length at all.
Prefix-lists can match both on prefix patterns & subnet mask length.

http://ccienotes.blogspot.com/2007/08/ip-prefix-list.html

Pass the CCIE in six weeks, Guaranteed!
http://www.certscience.com/CCIE

• Next message: Thomas Fowles: "Re: When configuring MPLS VPNs, and you accidentally type ipv4"
• Previous message: darth router: "When configuring MPLS VPNs, and you accidentally type ipv4"
• Maybe in reply to: Moses Polalysa: "Can I always use access-list with distribute-list?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:51 ART