access-list and distribute list question

Unanswered Question
Feb 16th, 2008

Hi! Please consider the following scene:

XXXXXXXX#sh run int Serial0.19
Building configuration...

Current configuration:

interface Serial0.19 point-to-point
ip access-group 19 in <<<<< ----this one
ip access-group 119 out
no ip redirects
no ip directed-broadcast
no ip proxy-arp
ip accounting output-packets
ip ospf interface-retry 0
frame-relay interface-dlci XXXXXXXXXX

XXXXXX#sh access-l 19
XXXXXX# <<<----- no content in access-list

What effect does it have? Will it allow all incoming traffic or deny all?

Secondly, this router is running BGP with another one:

neighbor XXXXXXX remote-as 64550
neighbor XXXXXXX distribute-list 19 in

Again, 19 is empty. What effect would it have?

Richard Burts Sat, 02/16/2008 - 10:42

I am sure of the answer about the effect of ip access-group 19 in when access list 19 is empty. All traffic will be permitted by access-group when the access list referenced is empty.

I am not as sure of the answer about distribute list. I believe that the answer here is also that all prefixes are permitted. If this is on a running router you should be able to look and see if entries learned from that neighbor are in the BGP table and this would answer the question for sure.



shivlu jain Sun, 02/17/2008 - 04:27

Rick is absolutely right. When we implemented the distribute list without creating the list, by default it permits all the routes, and the same is the case with the ACL. I had tested the distribute list but not the ACL.



vaisharm Mon, 02/18/2008 - 02:13


I just tested both (distribute list & access-group) with no ACL, and all prefixes and traffic are permitted respectively.

Distribute list (w/o ACL) -> All prefixes allowed

Access-group (w/o ACL) -> All traffic permitted
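An added example, not part of any post in this thread: a small Python audit that scans a saved running-config for `ip access-group` and `distribute-list` commands pointing at an ACL with no permit/deny entries, the situation the replies above report as permitting everything. The function name, the local AS 64500 and the 192.0.2.1 neighbor address are assumptions made for the sample; the parser relies on the one-space indentation that `show running-config` gives sub-commands.

```python
import re

# Constructed sample modelled on the question: ACL 19 is referenced twice but
# has no entries, ACL 119 does. AS 64500 and 192.0.2.1 are placeholders.
SAMPLE_CONFIG = """\
interface Serial0.19 point-to-point
 ip access-group 19 in
 ip access-group 119 out
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64550
 neighbor 192.0.2.1 distribute-list 19 in
!
access-list 119 permit ip any any
"""

NUMBERED = re.compile(r"^access-list (\S+) (?:permit|deny)\b")
NAMED = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
ENTRY = re.compile(r"^(?:\d+ )?(?:permit|deny)\b")
# distribute-list can also take prefix/route-map/gateway; those are not ACL references.
REFERENCE = re.compile(
    r"^(?:ip access-group|(?:neighbor \S+ )?distribute-list) "
    r"(?!prefix\b|route-map\b|gateway\b)(\S+) (?:in|out)\b")

def find_empty_acl_references(config):
    """Return (context, command, acl) for each reference to an ACL without entries."""
    populated = set()            # ACLs with at least one permit/deny line
    refs = []
    context = named = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # top-level command opens a new context
            context, named = line, None
            if m := NUMBERED.match(line):
                populated.add(m.group(1))
            if m := NAMED.match(line):
                named = m.group(1)  # entries follow as indented lines
            continue
        if named and ENTRY.match(line):
            populated.add(named)
        if m := REFERENCE.match(line):
            refs.append((context, line, m.group(1)))
    # Filter at the end: ACL definitions usually come after the references.
    return [r for r in refs if r[2] not in populated]

if __name__ == "__main__":
    for ctx, cmd, acl in find_empty_acl_references(SAMPLE_CONFIG):
        print(f"{ctx}: '{cmd}' references ACL {acl}, which has no entries")
```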



