06-09-2006 12:38 AM - edited 03-03-2019 12:57 PM
What is the difference between an access list, prefix list, distribute list and offset list?
Can anybody give me some good links or an explanation of where to use them, with some good examples?
And what is a recursive IP address lookup?
dporter
06-09-2006 06:35 AM
An access list is used to restrict traffic going to or coming from a source. A common thing to do with an ACL is to block traffic that you do not want entering or leaving your network. For example, you normally do not want or need Microsoft-type traffic coming into your network from the WAN (there are some exceptions), so you could do this:
ip access-list extended InternetACL
remark Internet Interface Access List (Inbound and Outbound)
remark Restrict Microsoft Exploited Ports
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 139
deny tcp any any eq 445
deny udp any any eq 135
deny udp any any eq 136
deny udp any any eq netbios-ns
deny udp any any eq netbios-ss
deny udp any any eq 445
Then apply it inbound on your WAN interface.
A prefix list is normally used in BGP to allow certain prefixes to be advertised to or received from peers. Example:
ip prefix-list AS65001_IN description Customer-A
ip prefix-list AS65001_IN seq 5 permit 10.1.1.0/24
ip prefix-list AS65001_IN seq 10 permit 10.2.1.0/24
Then this would be applied in the appropriate direction under the BGP neighbor statement:
neighbor 1.1.1.1 prefix-list AS65001_IN in
An offset list is used to adjust the metrics in RIP (hop count).
Hope this helps.
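As an added illustration of the "sequential series of filters" behaviour behind the InternetACL above (this is example code written for this thread, not anything from the original poster or from Cisco), the following Python model parses the posted extended ACL and evaluates sample packets against it top-down. It also shows the one thing the posted snippet leaves out: every IOS ACL ends with an implicit deny, so the list as written, which contains only deny lines, drops all traffic once applied, and a closing permit entry is needed for it to act as a block list rather than a block-everything list. The port-name mapping, the Packet type and the sample packets are constructed assumptions for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed subset of IOS port keywords (only the ones used in the posted ACL plus netbios-dgm).
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

# ACL copied from the post above (Cisco IOS named extended ACL syntax).
INTERNET_ACL = """
ip access-list extended InternetACL
remark Internet Interface Access List (Inbound and Outbound)
remark Restrict Microsoft Exploited Ports
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 139
deny tcp any any eq 445
deny udp any any eq 135
deny udp any any eq 136
deny udp any any eq netbios-ns
deny udp any any eq netbios-ss
deny udp any any eq 445
"""

@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None means any destination port

@dataclass(frozen=True)
class Packet:                        # constructed, minimal view of a packet header
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def _parse_addr(tok: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    # IOS wildcard masks are the bitwise inverse of a subnet mask.
    wildcard = int(ipaddress.ip_address(tok[i + 1]))
    mask = ipaddress.ip_address((~wildcard) & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[i]}/{mask}", strict=False), i + 2

def parse_acl(config: str) -> List[Ace]:
    """Turn the ACE lines of a named extended ACL into Ace objects, in configured order."""
    aces: List[Ace] = []
    for line in config.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] in ("ip", "remark"):   # skip the header and remark lines
            continue
        action, proto = tok[0], tok[1]
        src, i = _parse_addr(tok, 2)
        dst, i = _parse_addr(tok, i)
        dport = None
        if i < len(tok) and tok[i] == "eq":
            name = tok[i + 1]
            dport = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        aces.append(Ace(action, proto, src, dst, dport))
    return aces

def evaluate(aces: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the list top-down; the first matching entry decides.
    Returns (action, index); index None means the implicit deny at the end fired."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for idx, ace in enumerate(aces):
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if src not in ace.src or dst not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, idx
    return "deny", None          # implicit "deny ip any any" present in every IOS ACL

def with_closing_permit(config: str) -> List[Ace]:
    """The posted ACL plus the closing entry it needs to let everything else through."""
    return parse_acl(config.rstrip() + "\npermit ip any any\n")

if __name__ == "__main__":
    smb = Packet("tcp", "203.0.113.5", "192.0.2.10", 445)     # constructed sample packets
    https = Packet("tcp", "203.0.113.5", "192.0.2.10", 443)
    print("posted ACL :", evaluate(parse_acl(INTERNET_ACL), smb), evaluate(parse_acl(INTERNET_ACL), https))
    print("with permit:", evaluate(with_closing_permit(INTERNET_ACL), smb), evaluate(with_closing_permit(INTERNET_ACL), https))
```

Run as a script it shows the SMB packet hitting the explicit `deny tcp any any eq 445` entry in both versions, while the HTTPS packet is dropped by the implicit deny with the posted list and permitted only once the closing entry is present. The parser deliberately handles only the address forms and the `eq` port operator that appear in the thread; it is a model of the matching semantics, not a general IOS ACL parser.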
06-10-2006 03:56 AM
Access lists are not only used for security reasons.
Many Cisco features use ACLs in order to match traffic, subnets or types of traffic, and many other features use ACLs too (QoS, NAT, etc.).
"An access list is a sequential series of filters. Each filter comprises some sort of matching criteria and an action. The action is always either permit or deny. The matching criteria might be as simple as a source address; alternatively, they might be a more complex combination of source and destination addresses, protocol types, ports or sockets, and specifications of the state of certain flags, such as the TCP ACK bit."
"A prefix list is a newer, more efficient, more intuitive way to identify routes for matching and filtering of routing protocols." Usually used on BGP.
A distribute list is used by routing protocols in order to filter routes from being advertised to other neighbors or received (distance-vector and link-state routing protocols use this command in different ways; take care).
Recursive IP address lookup: I believe this is talking about the ability of the routing process to do a recursive search in its routing table for a destination.
example:
routes:
1 via IP1
IP1 via IP2
IP2 via serial0
So, when you do a show ip route 1 you'd find IP1; then when you do show ip route IP1 you get IP2, and then show ip route IP2 you get a way out. This is done by the routing process: when you need to go to route 1 it will send you to serial 0 (doing a recursive lookup).
Hope this helps.
vlad
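The recursive lookup described above, written out as an added Python model (example code for this thread, not from the poster or from Cisco): a routing table of prefixes whose next hop is either another IP address or a directly attached interface, a longest-prefix-match lookup, and a resolver that follows next hops until it reaches an interface. The table mirrors the "1 via IP1, IP1 via IP2, IP2 via serial0" chain using constructed addresses, and it also shows the two failure modes a router has to guard against: a next hop with no route at all, and a route that resolves through itself (which IOS refuses to install). The depth limit is an assumption of this model, not an IOS parameter.

```python
import ipaddress
from typing import List, Optional, Tuple

# One routing table entry: (prefix, next_hop_ip or None, outgoing interface or None).
# A connected or static-to-interface route has an interface; a recursive route has a next hop.
Route = Tuple[ipaddress.IPv4Network, Optional[str], Optional[str]]

def build_table(entries: List[Tuple[str, Optional[str], Optional[str]]]) -> List[Route]:
    return [(ipaddress.ip_network(prefix), nh, iface) for prefix, nh, iface in entries]

# Constructed table matching the post: "1" via IP1, IP1 via IP2, IP2 via serial0,
# plus two deliberately broken routes for the failure cases.
TABLE = build_table([
    ("198.51.100.0/24", "10.0.0.1",   None),      # route "1"  -> IP1
    ("10.0.0.0/24",     "172.16.0.2", None),      # IP1        -> IP2
    ("172.16.0.0/30",   None,         "Serial0"), # IP2 is on the Serial0 link
    ("203.0.113.0/24",  "192.0.2.9",  None),      # next hop 192.0.2.9 has no route (dead)
    ("192.168.1.0/24",  "192.168.1.1", None),     # resolves through itself (loop)
])

def longest_match(table: List[Route], dst: str) -> Optional[Route]:
    """Plain longest-prefix match for one destination address."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for route in table:
        net = route[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = route
    return best

def resolve(table: List[Route], dst: str, max_depth: int = 8) -> Tuple[Optional[str], List[str]]:
    """Follow next hops recursively until an interface is found.
    Returns (interface, [next hops visited]); interface is None if the route is unresolvable."""
    chain: List[str] = []
    seen = set()
    current = dst
    for _ in range(max_depth):
        route = longest_match(table, current)
        if route is None:
            return None, chain                 # no route to the destination or to a next hop
        _, next_hop, iface = route
        if iface is not None:
            return iface, chain                # interface route ends the recursion
        if next_hop in seen:
            return None, chain                 # the route would resolve through itself
        seen.add(next_hop)
        chain.append(next_hop)
        current = next_hop                     # now look up the next hop itself
    return None, chain                         # gave up: recursion too deep (model assumption)

if __name__ == "__main__":
    for target in ("198.51.100.7", "203.0.113.7", "192.168.1.7", "8.8.8.8"):
        print(target, "->", resolve(TABLE, target))
```

For 198.51.100.7 the resolver walks 10.0.0.1, then 172.16.0.2, and ends on Serial0, which is exactly the three `show ip route` steps in the post collapsed into one lookup. The other three targets show what a router reports as an unresolvable route: a dead next hop, a self-referencing route, and a destination with no matching prefix at all.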