Re: distribute-list x out static ....

From: Huan Pham (pnhuan@yahoo.com)
Date: Sat Nov 29 2008 - 10:03:58 ARST

• Next message: Wouter Prins: "Re: Looking for the best Bootcamp .. Advice is Appreciated"
• Previous message: Itsme Ccie: "Re: Got my CCIE# 22673 last monday!"
• Maybe in reply to: ccie1101: "Re: distribute-list x out static ...."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Peter, ccie1101,

Peter is right.

I can see where the confusion comes from. You are not alone. I used to have a wrong interpretation of this command, due to reading or listening to wrong info, I cannot remember what I read/listen, but maybe it's a CoD.

In addition, the IOS syntax for this command is really confusing.

Confusion comes from keyword OUT instead of IN.

From the point of view of IOS developers, the distribute-list is applied on the routing protocol specified after "distribute-list out" command. So if you have something like:

router ospf 1
 distribute-list 77 out rip

Then the ACL 77 is applied to all updates RIP distributed OUT toward OSPF.

This makes it confusing when we have Static as the protocol that originates the route, i.e.

router ospf 1
 distribute-list 77 out static

Static does not use any Updates, doesn't it, so why the keyword OUT is used ????

If Cisco uses IN instead of OUT, and implies that the ACL is applied to all updates INTO one protocol from another, then it makes more sense!

I think, Brian McHagan (IE) was not right about the use of this command, in his post below:

http://forum.internetworkexpert.com/ubbthreads.php/ubb/showflat/Number/5486/page/53

[Quote]

The following configs accomplish the same thing:

router rip
redistribute ospf 1
!
router ospf 1
distribute-list 1 out rip

---------------------------

router rip
redistribute ospf 1 route-map OSPF2RIP
!
route-map OSPF2RIP
match ip address 1

[Unquote]

If you want to read more on the use of this command, please check out this link from Cisco. It explains well.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080208748.shtml#disout

--- On Sat, 11/29/08, ehiwe peter <ccie.in.nigeria@gmail.com> wrote:

> From: ehiwe peter <ccie.in.nigeria@gmail.com>
> Subject: Re: distribute-list x out static ....
> To: "ccie1101" <ccie1101@gmail.com>
> Cc: ccielab@groupstudy.com
> Date: Saturday, November 29, 2008, 9:45 AM
> distribute-list 77 out static command means that any static
> routes
> permitted by acl 77 is allowed to be advertised in routing
> updates
> into another routing domain , when a redistribute static
> command is
> issued.
>
> In your example 10.0.0.2 and 10.0.0.3 will not be
> advertised when a
> redistribute static command is used to send your static
> routes into
> another protocols routing domain but other static routes
> will be
> allowed
>
> On 11/27/08, <ccie1101@gmail.com> wrote:
> > I understand how ACL works. My question is that how do
> we inteprete the
> > command
> >
> > ' distribute-list 77 out static'
> >
> > Thank you.
> >
> > On Thu, Nov 27, 2008 at 2:27 PM, Muhabat Khan
> <muhabat@gmail.com> wrote:
> >
> >> Hi,
> >> no, as per ACL rules, each packet is compared with
> >> ACL entries sequentially. If there is a match
> found then comparing stops
> >> there and ACL is applied. In your case "each
> packet" counts. If first
> >> route
> >> match then it is denied and for other routes this
> comparing starts again
> >> until all the packets are compared against ACL.
> >> HTH
> >>
> >> On Thu, Nov 27, 2008 at 9:21 AM, ccie1101
> <ccie1101@gmail.com> wrote:
> >>
> >>> Hi,
> >>> Can someone explain what is the usage of
> the 'static' command
> >>> when used in conjunction with the distribute
> list ?
> >>>
> >>> I cant' find any explanation abt. this
> commnad on the command
> >>> lookup tool.
> >>>
> >>> If you look at the example below, does this
> mean that it only
> >>> denies any static route that has been defined
> in the ACL ? Meaning it
> >>> denies
> >>> the first static route and allows the 2nd and
> 3rd static routes
> >>> to go through ?
> >>>
> >>>
> >>> distribute-list 77 out static
> >>> !
> >>> !
> >>> access-list 77 deny 10.0.0.2
> >>> access-list 77 deny 10.0.0.3
> >>> access-list 77 permit any
> >>> !
> >>> !
> >>> ip route 10.0.0.2 255.255.255.248
> 192.168.182.2
> >>> ip route 10.0.0.4 255.255.255.248
> 134.251.73.184
> >>> ip route 10.0.0.5 255.255.255.255
> 134.251.254.54
> >>>
> >>>
> >>> Thank you,.
> >>>
> >>>
> >>> Blogs and organic groups at
> http://www.ccie.net
> >>>
> >>>
> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Wouter Prins: "Re: Looking for the best Bootcamp .. Advice is Appreciated"
• Previous message: Itsme Ccie: "Re: Got my CCIE# 22673 last monday!"
• Maybe in reply to: ccie1101: "Re: distribute-list x out static ...."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:32 ARST