Access-List and Distribute-List

Access-List and Distribute-List
Access-Group in/out and Distribute-List in/out


I have seen examples where they use an Access-List to determine the traffic to be Permitted or Denied, then you go to the interface and they use the Access-group command to alllow in/out the traffic

I also have seen Distribute-List  in /out that does pretty much the same thing. I would like to know where each command differs from other.

Access-group in/out can be used at the interface level only
Distribute-List in/out, at interface level  and global config level


Thank you
jskfanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

asavenerCommented:
https://supportforums.cisco.com/discussion/11555036/difference-between-acl-distribution-list-and-route-map

A distribution list is actually a misnomer and does not really belong here A distribution list is really only a command that uses route-maps or ACLs to perform filtering of routing information advertised or received within a particular routing protocol. It is not a standalone filtering mechanism similar to ACLs/route-map.
0
jskfanAuthor Commented:
I was exactly at that link before I posed the question..
it is a little bit helpful...but they don't elaborate on the difference..for instance  Distribute list can be use the same way as the Access-group  when applied at the Interface level..

I want to know the similarities and the differences between..
Access-Group and Distribute-List
0
asavenerCommented:
Can you provide an example of the distribute list command being used at the interface level?
0
jskfanAuthor Commented:
I meant for Interface ..

http://www.ciscopress.com/articles/article.asp?p=2273507&seqNum=10



Router(config-router)#distribute-list 3 in fastethernet0/0

Creates an incoming distribute list for interface FastEthernet0/0 and refers to ACL 3

Router(config-router)#distribute-list 4 out serial0/0/0

Creates an outgoing distribute list for interface Serial0/0/0 and refers to ACL 4

Router(config-router)#distribute-list 5 out ospf 1

Filters updates advertised from OSPF process ID 1 into EIGRP autonomous system 10 according to ACL 5
0
asavenerCommented:
If you're in the "config-router" context, then you're configuring a routing protocol, not an inteface.  The distribution list is configuring rules for the routing protocol.

Basically you're saying "any routing updates that go out serial/0/0/0 should be filtered by distribution list 4."

So the distribution list is only for managing routing protocols, and which routes are accepted or advertised.


The access-group command is not actually applied to an interface, it is applied to a particular class of traffic transiting the interface.  "IP access-group my_access_list out" says "any ip traffic going out the interface should be checked against access list my_access_list to see whether it is permitted."  Non-IP traffic (Novell traffic, for example) and traffic entering the interface would not be affected by this rule.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.