Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

configuring distribute-list

Is it possible to configure distribute-list with ip extended access-list or only with ip standard access-list ?

6 REPLIES

Re: configuring distribute-list

We use distribute-list only to allow or supress the networks advertised via a particular interface. Why do you need an extended Acess-list to control that when you know that a specific n/w should be supressed. You can have distribute-list using extended ACL ( as command allows u to set that ) but doesnot make sense to me.....

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800917e3.html#wp1023230

regards,

-amit singh

Re: configuring distribute-list

In addition to my last post.. Just want to update you that Extended NAMED ACLS's are not supported with distribute-list, you can only use numbered ACL.

cn-spare-me01-(config-router)#distribute-list test in

Access-list type conflicts with prior definition

% This command only accepts named standard IP access-lists.

cn-spare-me01-(config-router)#distribute-list test out

Access-list type conflicts with prior definition

% This command only accepts named standard IP access-lists.

cn-spare-me01-(config-router)#

regards,

-amit singh

Hall of Fame Super Silver

Re: configuring distribute-list

I am not sure which routing protocol you were using when you generated your example. There was a thread on one of the forums a while back about using extended access lists to filter routing updates. Using extended access lists has been supported in BGP for a long time. When using an extended access list for controlling BGP routing updates the syntax is different from the usual experience. In filtering BGP it is not source address destination address but is prefix definition and definition of length. This functionality is better done with prefix lists which are a newer and better way to filter BGP updates where you may be concerned not only with the value of the prefix. For example you may want to permit advertisement of 144.144.0.0/16 but deny advertisement of 144.144.0.0/24. A prefix list is the best way to do this but an extended access list can also do it.

Also extended access lists are supported for filtering routing updates in EIGRP.

Having said these things that justify using extended access list for filtering routing updates, I will also say that standard lists are most commonly used and for very good reason. If you have a particular need then an extended access list may help you accomplish it, but for the most part you will be much better off to do your routing update filtering with standard access lists.

HTH

Rick

New Member

Re: configuring distribute-list

That's right. The easiest way to filter not only network address but include network prefix or subnet mask is by using prefix-list.

It is also possible to use extended access-list to filter subnetmask but it not recommended due complexity of the configuration.

Re: configuring distribute-list

Rick,

Thanks for the reply on this... Would be able to give me an example where we can use the extended ACL to filter tha traffic in case of EIGRP. I dont know much about BGP as I havenot study it yet...

regards,

-amit singh

Hall of Fame Super Silver

Re: configuring distribute-list

Amit

My experience of using extended access lists to filter routing updates has been with BGP. I have not myself used extended access lists to filter routing updates in EIGRP (the filtering of routing updates that I have done in EIGRP has been done with standard access lists). It was stated in a discussion on the forum that extended access lists worked in EIGRP and I mentioned it based on that discussion. According to the posting in the discussion the extended access list gave the ability to filter the prefix and the address of the source of the update. I do not have experience to directly support that point.

HTH

Rick

1579
Views
0
Helpful
6
Replies