Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACLs ... to ip or not to ip ....

I'm sure this has been asked before, but it has bugged me for sometime now.

What is the difference between

R1(config)#access-list 12 permit 192.168.6.0 0.0.0.255

and

R1(config)#ip access-list standard 12

R1(config-std-nacl)#permit 192.168.6.0 0.0.0.255
             

Using access-lists with and without the ip keyword has always confused me.

I find that if I use the first method above, the distribute-list command that I use when apply redistribution filters works (distribute-list 12 out ospf 1
). However if I use the second method to create my ACL, the command is accepted but the fitlering fails.

Can someone clarify once and for all the difference between the two and when/why I should use one over another?

Everyone's tags (2)
1 REPLY
VIP Super Bronze

ACLs ... to ip or not to ip ....

The 2 access-list are the same except with the second one you can actually name the access list instead of using a number.

example:

Switch(config)#ip access-list standard test  

Switch(config-std-nacl)#permit 172.16.1.1             

Switch(config-std-nacl)#permit 172.16.1.2

Switch(config-std-nacl)#permit 172.16.1.3

Switch(config-std-nacl)#do sh access-list test 

Standard IP access list test

    10 permit 172.16.1.1

    30 permit 172.16.1.3

    20 permit 172.16.1.2

Switch(config-std-nacl)#

Not sure why your second one is not filtering correctly.

HTH

174
Views
0
Helpful
1
Replies
CreatePlease to create content