Solved

Access-List and Distribute-List

Posted on 2016-08-02
5
82 Views
Last Modified: 2016-08-07
Access-List and Distribute-List
Access-Group in/out and Distribute-List in/out


I have seen examples where they use an Access-List to determine the traffic to be Permitted or Denied, then you go to the interface and they use the Access-group command to alllow in/out the traffic

I also have seen Distribute-List  in /out that does pretty much the same thing. I would like to know where each command differs from other.

Access-group in/out can be used at the interface level only
Distribute-List in/out, at interface level  and global config level


Thank you
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 41739492
https://supportforums.cisco.com/discussion/11555036/difference-between-acl-distribution-list-and-route-map

A distribution list is actually a misnomer and does not really belong here A distribution list is really only a command that uses route-maps or ACLs to perform filtering of routing information advertised or received within a particular routing protocol. It is not a standalone filtering mechanism similar to ACLs/route-map.
0
 

Author Comment

by:jskfan
ID: 41739547
I was exactly at that link before I posed the question..
it is a little bit helpful...but they don't elaborate on the difference..for instance  Distribute list can be use the same way as the Access-group  when applied at the Interface level..

I want to know the similarities and the differences between..
Access-Group and Distribute-List
0
 
LVL 28

Expert Comment

by:asavener
ID: 41739760
Can you provide an example of the distribute list command being used at the interface level?
0
 

Author Comment

by:jskfan
ID: 41740607
I meant for Interface ..

http://www.ciscopress.com/articles/article.asp?p=2273507&seqNum=10



Router(config-router)#distribute-list 3 in fastethernet0/0

Creates an incoming distribute list for interface FastEthernet0/0 and refers to ACL 3

Router(config-router)#distribute-list 4 out serial0/0/0

Creates an outgoing distribute list for interface Serial0/0/0 and refers to ACL 4

Router(config-router)#distribute-list 5 out ospf 1

Filters updates advertised from OSPF process ID 1 into EIGRP autonomous system 10 according to ACL 5
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 41740897
If you're in the "config-router" context, then you're configuring a routing protocol, not an inteface.  The distribution list is configuring rules for the routing protocol.

Basically you're saying "any routing updates that go out serial/0/0/0 should be filtered by distribution list 4."

So the distribution list is only for managing routing protocols, and which routes are accepted or advertised.


The access-group command is not actually applied to an interface, it is applied to a particular class of traffic transiting the interface.  "IP access-group my_access_list out" says "any ip traffic going out the interface should be checked against access list my_access_list to see whether it is permitted."  Non-IP traffic (Novell traffic, for example) and traffic entering the interface would not be affected by this rule.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month8 days, 21 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question