01-13-2017 11:02 AM - edited 03-05-2019 07:50 AM
Hi, I'm Tom and I'm a network engineer. I have a few questions about configuration, more specifically for static route redistribution filtering.
I ran across a configuration similar to the following and would like some help in examining it. I'm confused as to why multiple methods are used, via both ACL and prefix-list. Why would you use both an ACL and a prefix list? Won't one or the other do the job here? Can't you specify a subnet range in the ACL? When is it more appropriate to use an ACL, ACL / prefix list, or route map in route redistribution filtering? What is best practice here?
...
router eigrp
redist...
distribute-list this-filter out
distribute-list 75 out
...
ip access-list standard this-filter
ip prefix-list this-filter seq 5 deny 0.0.0.0/0
ip prefix-list this-filter seq 10 permit 10.0.0.0/24
...
access-list 75 deny 172.16.1.1
...
01-13-2017 11:39 AM
Hello
Personally, I think prefix-lists are more granular for matching on network ranges and subnet masks than the normal ACL; as such, they are, for me, preferred over ACLs for EIGRP.
res
paul
01-19-2017 12:09 PM
Hi Guys -
I think this is an interesting topic. This is one of those situations where Cisco gives you a lot of different ways of doing the same thing.
I put up this dummy config in the lab to open up the discussion. These are the interfaces I built:
R1#sh ip int brie | ex unas
Interface IP-Address Status Protocol
FastEthernet0/0 1.1.1.1 up up
Loopback10 10.0.10.10 up up
Loopback20 10.0.20.20 up up
Loopback30 10.0.30.30 up up
Loopback40 10.0.40.40 up up
Here are 4 different ways of doing the same task. Is there any performance difference between them?
Standard ACL
ip access-list standard ACL-EIGRP-OUT
permit 10.0.10.0 0.0.0.255
router eigrp 10
distribute-list ACL-EIGRP-OUT out
Extended ACL
! Lab router I'm using doesn't support named extended ACLs directly on distribute list
access-list 101 permit ip any 10.0.20.0 0.0.0.255
router eigrp 10
distribute-list 101 out
Prefix List
ip prefix-list PL-EIGRP-OUT seq 10 permit 10.0.30.0/24
router eigrp 10
distribute-list prefix-list PL-EIGRP-OUT out
Route Map (This isn't 100% fair because the route map can do a lot more than just this and can match on standard ACLs and Prefix Lists also)
ip access-list extended ACL-EIGRP-OUT
permit ip 10.0.40.0 0.0.0.255 any
route-map RM-EIGRP-OUT permit 10
match ip address ACL-EIGRP-OUT
route-map RM-EIGRP-OUT deny 100
router eigrp 10
distribute-list route-map RM-EIGRP-OUT out
Is there a reason why one should be chosen over the other beyond simple personal preference? As stated, the route-map is a little unfair because of its versatility.
PSC