Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
296
Views
0
Helpful
3
Replies

access-list and distribut list question

zanderzone
Level 1
Level 1

‎02-16-2008 10:37 AM - edited ‎03-03-2019 08:44 PM

Hi! Please consider following scene :

XXXXXXXX#sh run int Serial0.19

Building configuration...

Current configuration:

!

interface Serial0.19 point-to-point

description --- XXXXXXXXXXXXXXXXXX

ip address XXXXXXXXXXXXXXX

ip access-group 19 in <<<<< ----this one

ip access-group 119 out

no ip redirects

no ip directed-broadcast

no ip proxy-arp

ip accounting output-packets

ip ospf interface-retry 0

frame-relay interface-dlci XXXXXXXXXX

end

XXXXXX#sh access-l 19

XXXXXX# <<<----- no content in access-list

What effect does it have. Will it allow all incoming traffic or deny all ?

Secondly, this router is running BGP with another one

neighbor XXXXXXX remote-as 64550

neighbor XXXXXXX distribute-list 19 in

Again, 19 is empty. What effect it would have ????

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎02-16-2008 10:42 AM

I am sure of the answer about the effect of ip access-group 19 in when access list 19 is empty. All traffic will be permitted by access-group when the access list referenced is empty.

I am not as sure of the answer about distribute list. I believe that the answer here is also that all prefixes are permitted. If this is on a running router you should be able to look and see if entries learned from that neighbor are in the BGP table and this would answer the question for sure.

HTH

Rick

HTH

Rick
0 Helpful

shivlu jain
Level 5
Level 5

‎02-17-2008 04:27 AM

Rick is absolutely right. Because when we implemented the distribut list without creating the list by default it permits all the routes and same the case with the ACL. I had tested the distribute list but not the ACL.

regards

shivlu

0 Helpful

vaisharm
Cisco Employee
Cisco Employee

‎02-18-2008 02:13 AM

Hi,

I just tested both (distribute list & access-group) with no ACL and all prefixes and traffic is permited respectively.

Distribute list (w/o ACL) -> All prefixes allowed

Access-group (w/0 ACL) -> All traffic permitted

HTH

-Vaibhav

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card