Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

difference between

what is difference between accesslist, prifix list, distribute list, offset list.

can anybody give me some good link or explanation and where to use means some good examples?

and what is recursive ip address lookup?


  • WAN Routing and Switching

Re: difference between

An access list is used to restrict traffic going to or coming from a source. A common thing to do with acl is to block traffic that you do not want entering or leaving your network. For example, you normally do not want or need microsoft type traffic coming into your network from the wan (there are some exceptions) so you could do this:

ip access-list extended InternetACL

remark Internet Interface Access List (Inbound and Outbound)

remark Restrict Microsoft Exploited Ports

deny tcp any any eq 135

deny tcp any any eq 136

deny tcp any any eq 137

deny tcp any any eq 138

deny tcp any any eq 139

deny tcp any any eq 445

deny udp any any eq 135

deny udp any any eq 136

deny udp any any eq netbios-ns

deny udp any any eq netbios-ss

deny udp any any eq 445

then apply it to the inbound on your wan interface.

A prefix list is normally used in BGP to allow certain prefixes to be advertised or received form peers. Example:

ip prefix-list AS65001_IN description Customer-A

ip prefix-list AS65001_IN seq 5 permit

ip prefix-list AS65001_IN seq 10 permit

Then this would be applied in the appropriate direction under the bgp neighbor statement:

neighbor prefix-list AS65001_IN in

An offset list is used to adjust the metrics in RIP (hop count).

Hope this helps.

Re: difference between

access-list are not only used for security reasons.

many of cisco features use ACL in order to match traffic/subnets/type of traffics/qos and many other use ACL (qos, nat, etc)

"An access list is a sequential series of filters. Each filter comprises some sort of matching criteria and an action. The action is always either permit or deny. The matching criteria might be as simple as a source address; alternatively, they might be a more complex combination of source and destination addresses, protocol types, ports or sockets, and specifications of the state of certain flags, such as the TCP ACK bit.""

"prefix list is a newer, more efficient, more intuitive way to identify routes for matching and filtering of routing protocols." Usually used on BGP.

Distribute list is used by routing protocols in order to filter routes from being adverstised to other neighbors or received (distance vector and link-state routing protocols use this command in different way - take care).

Recursive ip address lookup , I believe this is talking about the ability of the routing process to do recursive search in its routing table for a destination.



1 via IP1

IP1 via IP2

IP2 via serial0

So, when you do a show ip route 1 youd find IP1, then when you do show ip route IP1 you get IP2 and then show ip route IP2 you get a way out. This is done by the routing process,

when you need to go to route 1 it will send you to serial 0 (doing a recursive lookup).

Hope this helps.


This widget could not be displayed.