Prefix-List Port matching support

mjae
Level 1

Hi all,

ACLs can be used with port numbers in policy-based routing. Does anyone know when/whether the IOS will support prefix lists with port number(s) and IP address range(s)? This would be better, as prefix lists allow easier management than ACLs.

TIA,

Matthew.

5 Replies

Harold Ritter
Cisco Employee

I'm not sure this enhancement has ever been requested. Prefix-lists are usually employed to filter IP addresses and not to replace ACLs.

Hope this helps.

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

ashmanpan
Level 1

Hi all,

There is a fundamental difference between ACLs and prefix-lists (PLs): one is used for filtering actual data traffic, which we can call payload. The other is used to filter IP routing protocol management traffic.

IP routing protocol management traffic means the traffic that advertises routes between routers. So the routes are not related to layer 4 at all, only to layer 3. So there is no need for PLs to specify anything in terms of layer 4.

For the payload traffic there may be a requirement to filter it on a layer 4 basis, and therefore Cisco provided that in ACLs.

Ashman

Hi all,

Thanks for the distinction between ACLs and PLs. Just extending it a little further, are ACLs likely to be enhanced to provide per-line editing of an ACL, so that you can remove a single line(s) and add a single line(s)?

Cheers,

Matthew.

Any IP extended access-list (numbered/named) allows you to change the statements of the access-list on a per-statement basis.

Ex.: I have used IP extended numbered access-list 100

(one can use a name for the access-list also)

    RTR(config)#ip access-list extended 100
    RTR(config-ext-nacl)#per ip any any
    RTR(config-ext-nacl)#per ip host 10.0.1.1 any
    RTR(config-ext-nacl)#deny ip host 10.0.0.2 any
    RTR(config-ext-nacl)#^Z
    RTR#sh access-list 100
    Extended IP access list 100
        permit ip any any
        permit ip host 10.0.1.1 any
        deny ip host 10.0.0.2 any
    RTR#conf t
    Enter configuration commands, one per line. End
    RTR(config)#ip access-list extended 100
    RTR(config-ext-nacl)#no permit ip host 10.0.1.1 any
    RTR(config-ext-nacl)#^Z
    RTR#sh access-list 100
    Extended IP access list 100
        permit ip any any
        deny ip host 10.0.0.2 any
    RTR#
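
Added example, not part of the original replies: on IOS releases that support ACL entry sequence numbers (an assumption; the thread does not state the release), a single line can also be inserted at a chosen position instead of only being appended. The sequence values 5, 10 and 20 are illustrative and apply to access-list 100 as the session above leaves it.

```cisco
! Renumber the existing entries of ACL 100: start at 10, step 10.
! After the session above this gives:
!   10 permit ip any any
!   20 deny ip host 10.0.0.2 any
ip access-list resequence 100 10 10
!
ip access-list extended 100
 ! Insert one entry ahead of "permit ip any any". Entries are matched
 ! top-down and the first match wins, so the deny only takes effect
 ! when it precedes the broader permit.
 5 deny ip host 10.0.0.2 any
 ! Remove a single entry by its sequence number (the shadowed deny).
 no 20
end
!
! Verify the resulting order and numbering.
show access-lists 100
```

The sequence numbers are not stored in the saved configuration; after a reload the entries keep their order but are renumbered from 10 in steps of 10.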