
difference between

daveporter123
Level 1

What is the difference between an access list, prefix list, distribute list, and offset list?

Can anybody give me a good link or explanation, and where to use them, meaning some good examples?

And what is recursive IP address lookup?

dporter

2 Replies

sean
Level 3

An access list is used to restrict traffic going to or coming from a source. A common thing to do with an ACL is to block traffic that you do not want entering or leaving your network. For example, you normally do not want or need Microsoft-type traffic coming into your network from the WAN (there are some exceptions), so you could do this:

ip access-list extended InternetACL
 remark Internet Interface Access List (Inbound and Outbound)
 remark Restrict Microsoft Exploited Ports
 deny tcp any any eq 135
 deny tcp any any eq 136
 deny tcp any any eq 137
 deny tcp any any eq 138
 deny tcp any any eq 139
 deny tcp any any eq 445
 deny udp any any eq 135
 deny udp any any eq 136
 deny udp any any eq netbios-ns
 deny udp any any eq netbios-ss
 deny udp any any eq 445

Then apply it inbound on your WAN interface.

A prefix list is normally used in BGP to allow certain prefixes to be advertised to or received from peers. Example:

ip prefix-list AS65001_IN description Customer-A
ip prefix-list AS65001_IN seq 5 permit 10.1.1.0/24
ip prefix-list AS65001_IN seq 10 permit 10.2.1.0/24

Then this would be applied in the appropriate direction under the BGP neighbor statement:

neighbor 1.1.1.1 prefix-list AS65001_IN in

An offset list is used to adjust the metrics in RIP (hop count).

Hope this helps.

vladrac-ccna
Level 5

Access lists are not only used for security reasons.

Many Cisco features use ACLs in order to match traffic, subnets, types of traffic, and so on (QoS, NAT, etc.).

"An access list is a sequential series of filters. Each filter comprises some sort of matching criteria and an action. The action is always either permit or deny. The matching criteria might be as simple as a source address; alternatively, they might be a more complex combination of source and destination addresses, protocol types, ports or sockets, and specifications of the state of certain flags, such as the TCP ACK bit."

"prefix list is a newer, more efficient, more intuitive way to identify routes for matching and filtering of routing protocols." Usually used on BGP.

A distribute list is used by routing protocols in order to filter routes from being advertised to other neighbors or received (distance vector and link-state routing protocols use this command in different ways - take care).

Recursive IP address lookup: I believe this is talking about the ability of the routing process to do a recursive search in its routing table for a destination.

Example:

routes:
 1 via IP1
 IP1 via IP2
 IP2 via serial0

So, when you do a show ip route 1 you'd find IP1, then when you do show ip route IP1 you get IP2, and then show ip route IP2 you get a way out. This is done by the routing process: when you need to go to route 1 it will send you to serial 0 (doing a recursive lookup).

Hope this helps.

vlad
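
Added example (not part of the original replies): a small Python model of the recursive lookup described above, where each lookup is a longest-prefix match and a "via" next hop is looked up again until a route points out of an interface. The addresses, the `ROUTES` table and the function names are constructed for illustration and stand in for "1", "IP1" and "IP2" from the post.

```python
import ipaddress

# Constructed routing table mirroring the post's three routes.
ROUTES = [
    ("192.0.2.0/24", "via", "10.0.1.1"),  # "1 via IP1"
    ("10.0.1.0/24", "via", "10.0.2.1"),   # "IP1 via IP2"
    ("10.0.2.0/24", "dev", "Serial0"),    # "IP2 via serial0"
]

def longest_match(table, addr):
    """Return the most specific route covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, kind, target in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, kind, target)
    return best

def resolve(table, dest, max_depth=8):
    """Follow next hops until a route points at an interface.

    Returns (interface, chain), where chain records every lookup performed.
    Raises LookupError when an address has no route or the next hops loop.
    """
    chain, addr, seen = [], dest, set()
    for _ in range(max_depth):
        route = longest_match(table, addr)
        if route is None:
            raise LookupError(f"no route to {addr}")
        net, kind, target = route
        chain.append(f"{addr} -> {net} {kind} {target}")
        if kind == "dev":
            return target, chain       # reached a way out
        if target in seen:
            raise LookupError(f"next-hop loop at {target}")
        seen.add(target)
        addr = target                  # recurse on the next-hop address
    raise LookupError("recursion depth exceeded")

if __name__ == "__main__":
    iface, chain = resolve(ROUTES, "192.0.2.55")
    print("\n".join(chain))
    print("egress:", iface)
```

If the route for the next hop is missing, the lookup fails for the original destination as well, which is why the model raises an error instead of returning a partial result.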
