DIFFERENCE BETWEEN ACL & DISTRIBUTE-LISTS & PASSIVE-INTERFACE
Posted on 2011-10-05
Hi, I've been reading about these and can practically do these tasks, but although I ask for clarity in my 'explanation', I don't think I'm grasping the difference between distribute-lists and ACLs.
I've just been configuring with RIP v2 for further understanding.
ACLs - Can deny or permit networks, hosts, ports or protocols via standard/extended ACLs. So why use a distribute-list as below? (I can't grasp it!)
Distribute-lists - If a router wishes to block a specific interface, then adding an ACL and then inputting the 'distribute-list' command within 'router rip' means that the 'network statement' in question in RIP does NOT need to be removed, as it still needs to be advertised via other connected networks via this RIP process! I can't spot where I'm misunderstanding.
Or is distribute-list also to do with not wasting unnecessary CPU resources or flash memory, etc.? It is an example lab I'm following.
Passive-interface - This allows a network to be advertised to a directly connected network but NOT passed on to others via the RIP process, as unnecessary?
The reason why I explain 'passive-interface' like this is because after adding this command I could still see the network in question on the actual router (as expected) but also on the connected router (not expected), so I also used these commands on the connected router:
- sh ip route - This still showed me the network that I expected not to see due to the passive-interface command being added.
- sh ip rip database - As the above command did show my unexpected network, I thought maybe here it would NOT show the network in question, confirming my explanation, but I'm now lost.
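
The three mechanisms the post asks about, side by side on one router, as an added example that is not part of the original post. Interface names, addresses and ACL numbers are constructed for illustration.

```cisco
! --- Constructed lab router: three interfaces, RIP v2 ---
interface FastEthernet0/0
 description User LAN (no RIP routers on this segment)
 ip address 10.1.1.1 255.255.255.0
 ! (1) Interface ACL: filters DATA packets crossing this interface.
 ip access-group 110 in
!
interface FastEthernet0/1
 description Lab LAN whose route is hidden from the neighbour
 ip address 10.3.3.1 255.255.255.0
!
interface Serial0/0
 description Link to the neighbouring RIP router
 ip address 172.16.12.1 255.255.255.252
!
! Extended ACL used by ip access-group: matches traffic (protocol/host/port).
access-list 110 deny   tcp any host 10.1.1.10 eq telnet
access-list 110 permit ip any any
!
! Standard ACL used by distribute-list: here the "source" field is matched
! against the ROUTE PREFIX carried in a RIP update, not against packets.
access-list 10 deny   10.3.3.0 0.0.0.255
access-list 10 permit any
!
router rip
 version 2
 no auto-summary
 network 10.0.0.0
 network 172.16.0.0
 ! (2) Passive interface: stop SENDING RIP updates out Fa0/0 only.
 !     10.1.1.0/24 is still a connected RIP network, so it is still
 !     advertised out Serial0/0 and appears in the neighbour's table.
 passive-interface FastEthernet0/0
 ! (3) Distribute-list: filter which ROUTES go into updates sent out
 !     Serial0/0. 10.3.3.0/24 is withheld; the network statement stays.
 distribute-list 10 out Serial0/0
!
! Expected on the neighbour with this configuration:
!   show ip route rip   -> 10.1.1.0/24 present, 10.3.3.0/24 absent
! On this router:
!   show ip protocols   -> lists the passive interface and the
!                          outgoing update filter list for Serial0/0
```

An interface ACL never changes what is in a routing table, and a distribute-list never blocks user traffic; they reuse ACL syntax for different jobs.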