Re: Difference between Access-list,Distribution-list,Routemap,&
ACL is fairly simple on permit/deny based on source or destination IP address or port number. ACL is used to control the routing updates and it's basically or mostly applied in the interfaces.
A distribute-list is used to control routing updates either coming to your router or leaving from your router. Distribute-lists work on a variety of different IOS routing protocols. Now, how does a distribute list (DL) differ from a basic ACL? In that it will only add/forward a route if it is permitted on the interface with the distribute list filtering in/out traffic.
access-list 1 permit 184.108.40.206 0.255.255.255
router rip
 distribute-list 1 in
These commands tell a router "if I receive any RIP updates, only add them if they are part of the 1.x.x.x networks. If they aren't, do not add them to my routing table."
A route map is like an ACL though, in that it has multiple permit/deny statements. Internal to each statement it has a list of "match" fields with stuff on the same line (i.e. IP x y z) all having to match for it to take action with the "set" commands.
route-map permit 10
 match (this) (this) and (this) for the statement to be TRUE
OR
 match (this) and (this)
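An added example, not part of the original reply: a small Python model of how an inbound distribute-list checks each advertised network against a standard ACL, using wildcard-mask comparison, first-match order and the implicit deny at the end of the list. The access-list line is the one posted above; the advertised networks and all function names are constructed for illustration.

```python
import ipaddress

# Configuration as posted in the reply above.
CONFIG = """access-list 1 permit 184.108.40.206 0.255.255.255
router rip
 distribute-list 1 in
"""

# Constructed sample: networks carried in received RIP updates.
ADVERTISED = ["184.20.0.0", "184.200.4.0", "10.1.0.0", "192.168.5.0"]


def parse_standard_acl(config_text, acl_number):
    """Return ordered (action, address, wildcard) integer entries for one standard ACL."""
    entries = []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(acl_number):
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            addr, wild = rest[1], "0.0.0.0"
        else:
            addr = rest[0]
            wild = rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries


def acl_permits(entries, network):
    """First matching entry decides; no match means the implicit deny applies."""
    net = int(ipaddress.IPv4Address(network))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 0 must match exactly
        if (net & care) == (addr & care):
            return action == "permit"
    return False


def apply_distribute_list_in(entries, advertised):
    """Keep only the advertised networks the ACL permits."""
    return [n for n in advertised if acl_permits(entries, n)]


if __name__ == "__main__":
    acl = parse_standard_acl(CONFIG, 1)
    print(apply_distribute_list_in(acl, ADVERTISED))
```

With wildcard 0.255.255.255 only the first octet of each advertised network is compared against the ACL address; everything else falls through to the implicit deny and is not installed.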
Could you please explain what is the reason why it doesn't work:
I want to set up conditional NAT just to redirect one traffic through ISP1 and another traffic to ISP2. I use route-map with match conditional with ACL, but it doesn't match required traffic (counts in the route-map don't increase). If I change ACL match condition to prefix-list -> counts increase!
The second step is configuring NAT conditions:
ip nat inside source route-map ISP1 int gig0/1 overload and
ip nat inside source route-map ISP2 int gig0/1 overload
And in route-map ISP2 I use prefix-list and it doesn't work (there are no translations in NAT), after I change prefix-list to ACL -> translations begin to happen.
Could you please explain the difference?
ip nat inside source route-map TO->ISP1 interface GigabitEthernet0/1 overload
ip nat inside source route-map TO->ISP2 interface GigabitEthernet0/0 overload

interface GigabitEthernet0/2
 description *** INSIDE ***
 ip address 10.1.x.x 255.255.255.192
 ip policy route-map WiFi_TO_ISP2

route-map WiFi_TO_ISP2, permit, sequence 10
  Match clauses:
    ip address prefix-lists: WiFi_Users
  Set clauses:
    ip default next-hop x.x.x.x
  Policy routing matches: 3110917 packets, 732226412 bytes <-It works only with prefix-list!
route-map WiFi_TO_ISP2, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 78107 packets, 30482815 bytes
Access-list for NATs
route-map TO->ISP2, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101 <- It's fact, but it works only with ACL!
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

#sh route-map TO->ISP1
route-map TO->ISP1, permit, sequence 10
  Match clauses:
    ip address (access-lists): 100
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes