11-05-2003 05:00 PM - edited 03-02-2019 11:30 AM
Hi all,
ACLs can be used with port numbers in policy based routing. Does anyone know when/whether the IOS will support prefix lists with port number(s) and IP address range(s)? This would be better as prefix lists allow easier management than ACLs.
TIA,
Matthew.
11-06-2003 02:55 PM
I'm not sure this enhancement has ever been requested. Prefix-lists are usually employed to filter IP addresses and not to replace ACLs.
Hope this helps.
11-07-2003 06:09 AM
Hi all,
There is a fundamental difference between ACLs and prefix-lists (PLs): one is used for filtering actual data traffic, which we can call payload. The other is used to filter IP routing protocol management traffic.
IP routing protocol management traffic means the traffic which advertises routes to each other. So the routes are not related to layer 4 at all, only to layer 3. So there is no need for PLs to specify anything in terms of layer 4.
For payload traffic there may be a requirement to filter it on a layer 4 basis, and therefore Cisco provided that in ACLs.
Ashman
11-09-2003 02:47 PM
Hi all,
Thanks for the distinction between ACLs and PLs. Just extending it a little further, are ACLs likely to be enhanced to provide per-line editing of an ACL, so that you can remove a single line(s) and add a single line(s)?
Cheers,
Matthew
11-09-2003 06:29 PM
Some bleeding-edge T-train IOS versions now support this: http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.html
11-09-2003 06:46 PM
Any IP extended access-list (numbered/named) will allow you to change the statements of the access-list on a per-statement basis.
Ex.: I have used IP extended numbered access-list 100
(one can use a name for the access-list also)
RTR(config)#ip access-list extended 100
RTR(config-ext-nacl)#per ip any any
RTR(config-ext-nacl)#per ip host 10.0.1.1 any
RTR(config-ext-nacl)#deny ip host 10.0.0.2 any
RTR(config-ext-nacl)#^Z
RTR#sh access-list 100
Extended IP access list 100
permit ip any any
permit ip host 10.0.1.1 any
deny ip host 10.0.0.2 any
RTR#conf t
Enter configuration commands, one per line. End
RTR(config-ext-nacl)#no permit ip host 10.0.1.1 any
RTR(config-ext-nacl)#^Z
RTR#sh access-list 100
Extended IP access list 100
permit ip any any
deny ip host 10.0.0.2 any
RTR#
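Added example (not part of the thread or any poster's code): a small Python model of first-match evaluation for access-list 100 as displayed in the last post, flagging entries that a single earlier entry fully covers, which is why the position of an individual line matters when editing an ACL. It handles only the "permit|deny ip <any|host A.B.C.D> <any|host A.B.C.D>" form used in that post; the function names are assumptions for illustration.

```python
import ipaddress

# ACL 100 as shown by the first "sh access-list 100" in the thread.
ACL_100 = """\
permit ip any any
permit ip host 10.0.1.1 any
deny ip host 10.0.0.2 any
"""

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from tokens; return an ip_network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("unsupported address form: " + word)

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' lines into (action, src, dst, line)."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError("unsupported entry: " + line)
        entries.append((action, parse_addr(tokens), parse_addr(tokens), line.strip()))
    return entries

def evaluate(entries, src, dst):
    """First match wins; a packet matching nothing hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, line in entries:
        if s in src_net and d in dst_net:
            return action, line
    return "deny", "(implicit deny)"

def shadowed(entries):
    """Entries that can never match because one earlier entry covers them."""
    hidden = []
    for i, (_, src, dst, line) in enumerate(entries):
        for _, esrc, edst, eline in entries[:i]:
            if src.subnet_of(esrc) and dst.subnet_of(edst):
                hidden.append((line, eline))
                break
    return hidden
```
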