×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ACLs ... to ip or not to ip ....

Unanswered Question
Aug 8th, 2012
User Badges:

I'm sure this has been asked before, but it has bugged me for sometime now.


What is the difference between


R1(config)#access-list 12 permit 192.168.6.0 0.0.0.255

and


R1(config)#ip access-list standard 12

R1(config-std-nacl)#permit 192.168.6.0 0.0.0.255
             



Using access-lists with and without the ip keyword has always confused me.


I find that if I use the first method above, the distribute-list command that I use when apply redistribution filters works (distribute-list 12 out ospf 1
). However if I use the second method to create my ACL, the command is accepted but the fitlering fails.


Can someone clarify once and for all the difference between the two and when/why I should use one over another?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Reza Sharifi Wed, 08/08/2012 - 18:49
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

The 2 access-list are the same except with the second one you can actually name the access list instead of using a number.


example:

Switch(config)#ip access-list standard test  

Switch(config-std-nacl)#permit 172.16.1.1             

Switch(config-std-nacl)#permit 172.16.1.2

Switch(config-std-nacl)#permit 172.16.1.3

Switch(config-std-nacl)#do sh access-list test 


Standard IP access list test

    10 permit 172.16.1.1

    30 permit 172.16.1.3

    20 permit 172.16.1.2

Switch(config-std-nacl)#


Not sure why your second one is not filtering correctly.


HTH

Actions

This Discussion