An access list is used to restrict traffic going to or coming from a source. A common thing to do with an ACL is to block traffic that you do not want entering or leaving your network. For example, you normally do not want or need Microsoft-type traffic coming into your network from the WAN (there are some exceptions), so you could do this:
ip access-list extended InternetACL
remark Internet Interface Access List (Inbound and Outbound)
remark Restrict Microsoft Exploited Ports
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 139
deny tcp any any eq 445
deny udp any any eq 135
deny udp any any eq 136
deny udp any any eq netbios-ns
deny udp any any eq netbios-ss
deny udp any any eq 445
Then apply it inbound on your WAN interface.
A prefix list is normally used in BGP to allow certain prefixes to be advertised to or received from peers. Example:
ip prefix-list AS65001_IN description Customer-A
ip prefix-list AS65001_IN seq 5 permit 10.1.1.0/24
ip prefix-list AS65001_IN seq 10 permit 10.2.1.0/24
Then this would be applied in the appropriate direction under the BGP neighbor statement:
neighbor 184.108.40.206 prefix-list AS65001_IN in
An offset list is used to adjust the metrics in RIP (hop count).
Access lists are not only used for security reasons.
Many Cisco features use ACLs in order to match traffic, subnets, or types of traffic (QoS, NAT, etc.).
"An access list is a sequential series of filters. Each filter comprises some sort of matching criteria and an action. The action is always either permit or deny. The matching criteria might be as simple as a source address; alternatively, they might be a more complex combination of source and destination addresses, protocol types, ports or sockets, and specifications of the state of certain flags, such as the TCP ACK bit."
"prefix list is a newer, more efficient, more intuitive way to identify routes for matching and filtering of routing protocols." Usually used on BGP.
A distribute list is used by routing protocols in order to filter routes from being advertised to other neighbors or received (distance vector and link-state routing protocols use this command in different ways - take care).
Recursive IP address lookup: I believe this is talking about the ability of the routing process to do a recursive search in its routing table for a destination.
1 via IP1
IP1 via IP2
IP2 via serial0
So, when you do a show ip route 1 you'd find IP1, then when you do show ip route IP1 you get IP2, and then show ip route IP2 you get a way out. This is done by the routing process: when you need to go to route 1, it will send you to serial 0 (doing a recursive lookup).
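The first-match behaviour in the quoted access-list definition above, applied to the InternetACL entries from the first answer, as an added example that is not part of the original posts. The trailing `permit ip any any` line and the function names are assumptions made for illustration.

```python
# Added example: first-match evaluation of the InternetACL entries above.
NAMED_PORTS = {"netbios-ns": 137, "netbios-ss": 139}  # IOS port keywords

# Entries copied from the post; remarks omitted.
ACL_AS_POSTED = """\
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 139
deny tcp any any eq 445
deny udp any any eq 135
deny udp any any eq 136
deny udp any any eq netbios-ns
deny udp any any eq netbios-ss
deny udp any any eq 445
"""
# Assumption (not in the post): a final permit so other traffic passes.
ACL_WITH_PERMIT = ACL_AS_POSTED + "permit ip any any\n"


def parse_acl(text):
    """Parse 'action proto any any [eq port]' lines into tuples."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "remark":
            continue
        action, proto, src, dst = tok[:4]
        if (src, dst) != ("any", "any"):
            raise ValueError(f"only 'any any' entries are handled: {line!r}")
        port = None
        if len(tok) == 6 and tok[4] == "eq":
            port = NAMED_PORTS[tok[5]] if tok[5] in NAMED_PORTS else int(tok[5])
        entries.append((action, proto, port))
    return entries


def evaluate(entries, proto, dst_port):
    """Return (action, index of matching entry); None index = implicit deny."""
    for i, (action, e_proto, e_port) in enumerate(entries):
        if e_proto in ("ip", proto) and e_port in (None, dst_port):
            return action, i  # first match wins, later entries are not read
    return "deny", None  # no entry matched: the implicit deny applies


if __name__ == "__main__":
    for name, text in (("as posted", ACL_AS_POSTED), ("with permit", ACL_WITH_PERMIT)):
        acl = parse_acl(text)
        for pkt in (("tcp", 445), ("tcp", 443), ("udp", 138)):
            print(name, pkt, evaluate(acl, *pkt))
```

With only the posted entries, traffic that matches no line (for example TCP 443) is still dropped by the implicit deny that ends every ACL. UDP 138 is not named by any posted entry, so once a trailing permit is added it passes unless a matching deny is added as well.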