
EIGRP Route Redistribution and Common / Best Practices for ACL / Prefix List Filtering

tom.neteng

Hi, I'm Tom and I'm a network engineer.  I have a few questions about configuration, more specifically for static route redistribution filtering.

I ran across a configuration similar to the following and would like some help in examining it.  I'm confused as to why multiple methods are used, via both ACL and prefix-list.  Why would you use both an ACL and a prefix list?  Won't one or the other do the job here?  Can't you specify a subnet range in the ACL?  When is it more appropriate to use an ACL, ACL / prefix list, or route map in route redistribution filtering?  What is best practice here?

...
router eigrp
 redist...
 distribute-list this-filter out
 distribute-list 75 out
...
ip access-list standard this-filter
ip prefix-list this-filter seq 5 deny 0.0.0.0/0
ip prefix-list this-filter seq 10 permit 10.0.0.0/24
...
access-list 75 deny 172.16.1.1
...

2 Replies

Hello

Personally, I think prefix-lists are more granular for matching on network ranges and subnet masks than the normal ACL; as such, for me they are preferred over ACLs for EIGRP.

res

paul



Kind Regards
Paul

Hi Guys -

I think this is an interesting topic.  This is one of those situations where Cisco gives you a lot of different ways of doing the same thing.

I put up this dummy config in the lab to open up the discussion.  These are the interfaces I built:

R1#sh ip int brie | ex unas
Interface        IP-Address    Status  Protocol
FastEthernet0/0  1.1.1.1       up      up
Loopback10       10.0.10.10    up      up
Loopback20       10.0.20.20    up      up
Loopback30       10.0.30.30    up      up
Loopback40       10.0.40.40    up      up

Here are 4 different ways of doing the same task.  Is there any performance difference between them?

Standard ACL

ip access-list standard ACL-EIGRP-OUT
 permit 10.0.10.0 0.0.0.255
router eigrp 10
 distribute-list ACL-EIGRP-OUT out

Extended ACL

! Lab router I'm using doesn't support named extended ACLs directly on distribute list
access-list 101 permit ip any 10.0.20.0 0.0.0.255
router eigrp 10
 distribute-list 101 out

Prefix List

ip prefix-list PL-EIGRP-OUT seq 10 permit 10.0.30.0/24
router eigrp 10
 distribute-list prefix-list PL-EIGRP-OUT out

Route Map (This isn't 100% fair because the route map can do a lot more than just this and can match on standard ACLs and Prefix Lists also)

ip access-list extended ACL-EIGRP-OUT
 permit ip 10.0.40.0 0.0.0.255 any
route-map RM-EIGRP-OUT permit 10
 match ip address ACL-EIGRP-OUT
route-map RM-EIGRP-OUT deny 100
router eigrp 10
 distribute-list route-map RM-EIGRP-OUT out

Is there a reason why one should be chosen over the other beyond simple personal preference?  As stated, the route-map is a little unfair because of its versatility.

PSC
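
Added example (not part of either reply and not IOS code): a simplified Python model of how a standard ACL and a prefix list match routes in a distribute-list, showing which more-specific routes each filter lets through. The route list, the `le 30` variant and all function names are constructed for illustration; extended ACLs and route maps are not modelled.

```python
import ipaddress

def acl_permits(route, entries):
    """Standard ACL as a route filter: only the route's network address is
    compared against address/wildcard; the prefix length is never checked."""
    addr = int(ipaddress.ip_network(route).network_address)
    for action, base, wildcard in entries:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def prefix_list_permits(route, entries):
    """Prefix list: the leading bits must match AND the route's length must
    be in range (exactly the entry's length when no ge/le is given)."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        pfx = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = pfx.prefixlen
        else:
            lo = ge if ge is not None else pfx.prefixlen
            hi = le if le is not None else 32
        if lo <= net.prefixlen <= hi and net.subnet_of(pfx):
            return action == "permit"
    return False  # implicit deny at the end of every prefix list

# Entries taken from the thread, plus one constructed "le 30" variant.
ACL = [("permit", "10.0.10.0", "0.0.0.255")]           # permit 10.0.10.0 0.0.0.255
PL_EXACT = [("permit", "10.0.10.0/24", None, None)]    # permit 10.0.10.0/24
PL_RANGE = [("permit", "10.0.10.0/24", None, 30)]      # permit 10.0.10.0/24 le 30
PL_QUESTION = [("deny", "0.0.0.0/0", None, None),      # matches only the default route
               ("permit", "10.0.0.0/24", None, None)]

# Constructed candidate routes, including more-specifics of 10.0.10.0/24.
ROUTES = ["10.0.10.0/24", "10.0.10.0/30", "10.0.10.128/25",
          "10.0.10.77/32", "10.0.20.0/24"]

def compare(routes=ROUTES):
    """Return {route: (acl, exact prefix list, prefix list with le 30)}."""
    return {r: (acl_permits(r, ACL),
                prefix_list_permits(r, PL_EXACT),
                prefix_list_permits(r, PL_RANGE)) for r in routes}

if __name__ == "__main__":
    for route, verdicts in compare().items():
        print(f"{route:16} acl={verdicts[0]!s:5} exact={verdicts[1]!s:5} le30={verdicts[2]}")
```
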
