
New Member

Prefix-List Port matching support

Hi all,

ACLs can be used with port numbers in policy based routing. Does anyone know when/whether the IOS will support prefix lists with port number(s) and IP address range(s)? This would be better, as prefix lists allow easier management than ACLs.

TIA,

Matthew.

5 REPLIES
Cisco Employee

Re: Prefix-List Port matching support

I'm not sure this enhancement has ever been requested. Prefix-lists are usually employed to filter ip addresses and not to replace ACLs.

Hope this helps.

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Prefix-List Port matching support

Hi all,

There is a fundamental difference between ACLs and prefix-lists (PLs): one is used for filtering actual data traffic, which we can call payload. The other is used to filter IP routing protocol management traffic.

IP routing protocol management traffic means the traffic that advertises routes to each other. So the routes are not related to layer 4 at all, only to layer 3. So there is no need for PLs to specify anything in terms of layer 4.

For the payload traffic, anyone may have a requirement to filter it on a layer 4 basis, and therefore Cisco provided that in ACLs.

Ashman
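
As an added illustration of the distinction drawn in the reply above (not part of the original thread, and not Cisco code): a Python model in which a prefix-list entry matches a route by network and prefix length, while an extended ACL entry matches a packet by protocol, addresses and port. The class and function names are hypothetical, the sample entries are constructed, and ACL addresses are written in CIDR form rather than as wildcard masks.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class PrefixEntry:          # models: ip prefix-list NAME <action> <prefix> [ge n] [le n]
    action: str
    prefix: str
    ge: Optional[int] = None
    le: Optional[int] = None

@dataclass
class AclEntry:             # models one extended ACL line (CIDR used as a simplification)
    action: str
    proto: str              # "ip" matches any protocol, otherwise "tcp" or "udp"
    src: str
    dst: str
    dst_port: Optional[int] = None   # None means no "eq <port>" on the line

def prefix_list_match(entries, route):
    """First-match on a ROUTE: only network and prefix length exist to compare."""
    net = ipaddress.ip_network(route)
    for e in entries:
        base = ipaddress.ip_network(e.prefix)
        if e.ge is None and e.le is None:
            lo = hi = base.prefixlen            # no ge/le: exact length only
        else:
            lo = e.ge if e.ge is not None else base.prefixlen
            hi = e.le if e.le is not None else 32
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return e.action
    return "deny"                               # implicit deny at the end

def acl_match(entries, proto, src, dst, dst_port=None):
    """First-match on a PACKET: protocol, addresses and layer 4 port are available."""
    for e in entries:
        if e.proto not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(e.src):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(e.dst):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action
    return "deny"                               # implicit deny at the end

# Constructed sample policy: drop routes longer than /24, accept the rest of 10.0.0.0/8
SAMPLE_PL = [PrefixEntry("deny", "10.0.0.0/8", ge=25), PrefixEntry("permit", "10.0.0.0/8", le=24)]
# Constructed sample ACL: one port-specific permit, one host deny
SAMPLE_ACL = [AclEntry("permit", "tcp", "10.0.1.1/32", "0.0.0.0/0", 80),
              AclEntry("deny", "ip", "10.0.0.2/32", "0.0.0.0/0")]
```
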

New Member

Re: Prefix-List Port matching support

Hi all,

Thanks for the distinction between ACLs and PLs. Just extending it a little further, are ACLs likely to be enhanced to provide per-line editing of an ACL, so that you can remove a single line(s) and add a single line(s)?

cheers,

Matthew.

Bronze

Re: Prefix-List Port matching support

New Member

Re: Prefix-List Port matching support

Any IP extended access-list (numbered/named) will allow you to change the statements of the access-list on a per-statement basis.

Ex.: I have used IP extended numbered access-list 100

(one can use a name for the access-list also)

RTR(config)#ip access-list extended 100
RTR(config-ext-nacl)#per ip any any
RTR(config-ext-nacl)#per ip host 10.0.1.1 any
RTR(config-ext-nacl)#deny ip host 10.0.0.2 any
RTR(config-ext-nacl)#^Z
RTR#sh access-list 100
Extended IP access list 100
    permit ip any any
    permit ip host 10.0.1.1 any
    deny ip host 10.0.0.2 any
RTR#conf t
Enter configuration commands, one per line. End
RTR(config)#ip access-list extended 100
RTR(config-ext-nacl)#no permit ip host 10.0.1.1 any
RTR(config-ext-nacl)#^Z
RTR#sh access-list 100
Extended IP access list 100
    permit ip any any
    deny ip host 10.0.0.2 any
RTR#
