Solved: Access Lists vs Pefix Lists

figueredo-matute · ‎07-20-2017

Hello.

In which cases should I use ACLs instead of Prefix Lists?

Georg Pauwen · ‎07-21-2017

Hello,

in general, access lists are used to filter traffic, and prefix lists are used to filter routes (commonly used in BGP configurations). An (extended) access lists lets you specify higher layer information such as TCP/UDP ports:

R1(config)#access-list 101 permit ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
pim Protocol Independent Multicast
tcp Transmission Control Protocol
udp User Datagram Protocol

while prefix lists only allow networks and masks:

R1(config)#ip prefix-list BGP_OUT permit ?
A.B.C.D/nn IP prefix <network>/<length>, e.g., 35.0.0.0/8

That is probably the biggest difference...

View solution in original post

Julio E. Moisa · ‎07-21-2017

Hi

There are some few cases where you need to use ACL instead prefix list, for example, modifying administrative distances for specific routes into the routing protocols.

My personal opinion is that prefix list is more robust than ACL, they work similar but PL can provide more details and order and they are able to match specific prefix length or range of prefix lengths.

These links could be useful:

http://rintrum.blogspot.com/2007/10/access-list-vs-prefix-list.html

http://packetlife.net/blog/2010/feb/1/understanding-ip-prefix-lists/

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Georg Pauwen · ‎07-21-2017

Hello,

in general, access lists are used to filter traffic, and prefix lists are used to filter routes (commonly used in BGP configurations). An (extended) access lists lets you specify higher layer information such as TCP/UDP ports:

R1(config)#access-list 101 permit ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
pim Protocol Independent Multicast
tcp Transmission Control Protocol
udp User Datagram Protocol

while prefix lists only allow networks and masks:

R1(config)#ip prefix-list BGP_OUT permit ?
A.B.C.D/nn IP prefix <network>/<length>, e.g., 35.0.0.0/8

That is probably the biggest difference...

Julio E. Moisa · ‎07-21-2017

Hi

There are some few cases where you need to use ACL instead prefix list, for example, modifying administrative distances for specific routes into the routing protocols.

My personal opinion is that prefix list is more robust than ACL, they work similar but PL can provide more details and order and they are able to match specific prefix length or range of prefix lengths.

These links could be useful:

http://rintrum.blogspot.com/2007/10/access-list-vs-prefix-list.html

http://packetlife.net/blog/2010/feb/1/understanding-ip-prefix-lists/

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<