cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
246
Views
0
Helpful
1
Replies

ACLs ... to ip or not to ip ....

steven.crutchley
Beginner
Beginner

I'm sure this has been asked before, but it has bugged me for sometime now.

What is the difference between

R1(config)#access-list 12 permit 192.168.6.0 0.0.0.255

and

R1(config)#ip access-list standard 12

R1(config-std-nacl)#permit 192.168.6.0 0.0.0.255
             

Using access-lists with and without the ip keyword has always confused me.

I find that if I use the first method above, the distribute-list command that I use when apply redistribution filters works (distribute-list 12 out ospf 1
). However if I use the second method to create my ACL, the command is accepted but the fitlering fails.

Can someone clarify once and for all the difference between the two and when/why I should use one over another?

1 Reply 1

Reza Sharifi
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

The 2 access-list are the same except with the second one you can actually name the access list instead of using a number.

example:

Switch(config)#ip access-list standard test  

Switch(config-std-nacl)#permit 172.16.1.1             

Switch(config-std-nacl)#permit 172.16.1.2

Switch(config-std-nacl)#permit 172.16.1.3

Switch(config-std-nacl)#do sh access-list test 

Standard IP access list test

    10 permit 172.16.1.1

    30 permit 172.16.1.3

    20 permit 172.16.1.2

Switch(config-std-nacl)#

Not sure why your second one is not filtering correctly.

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers