Difference between Access-list, Distribute-list, Route-map & Configurations

Unanswered Question
Balakrishnan Rajvel Tue, 05/11/2010 - 02:58


ACL is fairly simple: permit/deny based on source or destination IP address or port number. ACL is used to control the routing updates and it's basically or mostly applied on the interfaces.


A distribute-list is used to control routing updates either coming to your router or leaving from your router. Distribute-lists work on a variety of different IOS routing protocols. Now, how does a distribute list (DL) differ from a basic ACL? In that it will only add/forward a route if it is permitted on the interface with the distribute list filtering in/out traffic.


access-list 1 permit 1.0.0.0 0.255.255.255
router rip
 distribute-list 1 in

These commands tell a router "if I receive any RIP updates, only add them if they are part of the 1.x.x.x networks. If they aren't, do not add them to my routing table".

Route Map:

A route map is like an ACL though, in that it has multiple permit/deny statements. Internal to each statement it has a list of "match" fields with stuff on the same line (i.e. IP x y z) all having to match for it to take action with the "set" commands.


route-map permit 10
match (this) (this) and (this) for the statement to be TRUE
match (this) and (this)

IF one of the matches is TRUE then

set (metric x)
set (type y)
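To make the three behaviours above concrete, here is an added Python model (not IOS and not from the original post) of how a standard ACL with wildcard masks, a distribute-list applied to received routing updates, and a route-map with AND-ed match clauses evaluate a route. The access-list 1 / 1.x.x.x example is the one from the post; ACL 2, the RIP update sample and the route-map sequences are constructed for illustration. Filtering inbound updates this way is what limits which prefixes a neighbour can push into your routing table.

```python
import ipaddress

def acl_entry_matches(entry, ip):
    """Standard ACL entry (action, address, wildcard); a wildcard bit of 1 means 'don't care'."""
    action, addr, wild = entry
    a, w, i = (int(ipaddress.IPv4Address(x)) for x in (addr, wild, ip))
    mask = ~w & 0xFFFFFFFF
    return (a & mask) == (i & mask)

def acl_permits(acl, ip):
    """Entries are checked top-down, first match wins, implicit deny at the end."""
    for entry in acl:
        if acl_entry_matches(entry, ip):
            return entry[0] == "permit"
    return False

def distribute_list_in(acl, received_routes):
    """Model of 'distribute-list 1 in': keep only received routes whose network the ACL permits."""
    return [r for r in received_routes if acl_permits(acl, r["network"])]

def route_map_apply(route_map, route):
    """Sequences are tried in order. Every match clause of a sequence must be true (AND);
    within one clause any listed ACL may match (OR). A sequence without match clauses matches
    everything. The first matching permit sequence applies its set values; a matching deny
    sequence, or no match at all (implicit deny), drops the route (returns None)."""
    for seq in route_map:
        if all(any(acl_permits(acl, route["network"]) for acl in clause) for clause in seq["match"]):
            return None if seq["action"] == "deny" else {**route, **seq["set"]}
    return None

# access-list 1 from the post: permit the 1.x.x.x networks only
ACL_1 = [("permit", "1.0.0.0", "0.255.255.255")]
# constructed second ACL for the route-map: only 1.2.x.x
ACL_2 = [("permit", "1.2.0.0", "0.0.255.255")]
# constructed sample of routes received in one RIP update
RIP_UPDATE = [
    {"network": "1.2.3.0", "metric": 2},
    {"network": "1.200.0.0", "metric": 5},
    {"network": "192.168.10.0", "metric": 1},
]
# constructed route-map: seq 10 needs ACL 1 AND ACL 2 to match, seq 20 permits the rest unchanged
ROUTE_MAP = [
    {"action": "permit", "match": [[ACL_1], [ACL_2]], "set": {"metric": 10}},
    {"action": "permit", "match": [], "set": {}},
]

if __name__ == "__main__":
    print(distribute_list_in(ACL_1, RIP_UPDATE))       # 1.2.3.0 and 1.200.0.0 survive, 192.168.10.0 is dropped
    for r in RIP_UPDATE:
        print(r["network"], "->", route_map_apply(ROUTE_MAP, r))
```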

Vadim Semenov Mon, 04/11/2016 - 06:54

Could you please explain what the reason is why it doesn't work:

I want to set up conditional NAT just to redirect one traffic through ISP1 and another traffic to ISP2. I use a route-map with a match condition with an ACL, but it doesn't match the required traffic (the counters in the route-map don't increase). If I change the ACL match condition to a prefix-list -> the counters increase!

The second step is configuring NAT conditions:

ip nat inside source route-map ISP1 int gig0/1 overload and

ip nat inside source route-map ISP2 int gig0/1 overload

And in route-map ISP2 I use a prefix-list and it doesn't work (there are no translations in NAT); after I change the prefix-list to an ACL -> translations begin to happen.

Could you please explain the difference?

ip nat inside source route-map TO->ISP1 interface GigabitEthernet0/1 overload
ip nat inside source route-map TO->ISP2 interface GigabitEthernet0/0 overload

interface GigabitEthernet0/2
description *** INSIDE ***
ip address 10.1.x.x
ip policy route-map WiFi_TO_ISP2


route-map WiFi_TO_ISP2, permit, sequence 10
Match clauses:
ip address prefix-lists: WiFi_Users
Set clauses:
ip default next-hop x.x.x.x
Policy routing matches: 3110917 packets, 732226412 bytes <-It works only with prefix-list!

route-map WiFi_TO_ISP2, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 78107 packets, 30482815 bytes


Access-list for NATs

route-map TO->ISP2, permit, sequence 10
Match clauses:
ip address (access-lists): 101 <- It's a fact, but it works only with ACL!
Set clauses:
Policy routing matches: 0 packets, 0 bytes

#sh route-map TO->ISP1
route-map TO->ISP1, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
Policy routing matches: 0 packets, 0 bytes


#sh ip nat statistics
Total active translations: 1314 (5 static, 1309 dynamic; 1314 extended)
Peak translations: 18610, occurred 5d08h ago
Outside interfaces:
GigabitEthernet0/0, GigabitEthernet0/1
Inside interfaces:
[Id: 5] route-map TO->ISP1 interface GigabitEthernet0/1 refcount 810
[Id: 6] route-map TO->ISP2 interface GigabitEthernet0/0 refcount 494

