Solved

Access-List and Distribute-List

Posted on 2016-08-02
5
56 Views
Last Modified: 2016-08-07
Access-List and Distribute-List
Access-Group in/out and Distribute-List in/out


I have seen examples where they use an Access-List to determine the traffic to be Permitted or Denied, then you go to the interface and they use the Access-group command to alllow in/out the traffic

I also have seen Distribute-List  in /out that does pretty much the same thing. I would like to know where each command differs from other.

Access-group in/out can be used at the interface level only
Distribute-List in/out, at interface level  and global config level


Thank you
0
Comment
Question by:jskfan
  • 3
  • 2
5 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 41739492
https://supportforums.cisco.com/discussion/11555036/difference-between-acl-distribution-list-and-route-map

A distribution list is actually a misnomer and does not really belong here A distribution list is really only a command that uses route-maps or ACLs to perform filtering of routing information advertised or received within a particular routing protocol. It is not a standalone filtering mechanism similar to ACLs/route-map.
0
 

Author Comment

by:jskfan
ID: 41739547
I was exactly at that link before I posed the question..
it is a little bit helpful...but they don't elaborate on the difference..for instance  Distribute list can be use the same way as the Access-group  when applied at the Interface level..

I want to know the similarities and the differences between..
Access-Group and Distribute-List
0
 
LVL 28

Expert Comment

by:asavener
ID: 41739760
Can you provide an example of the distribute list command being used at the interface level?
0
 

Author Comment

by:jskfan
ID: 41740607
I meant for Interface ..

http://www.ciscopress.com/articles/article.asp?p=2273507&seqNum=10



Router(config-router)#distribute-list 3 in fastethernet0/0

Creates an incoming distribute list for interface FastEthernet0/0 and refers to ACL 3

Router(config-router)#distribute-list 4 out serial0/0/0

Creates an outgoing distribute list for interface Serial0/0/0 and refers to ACL 4

Router(config-router)#distribute-list 5 out ospf 1

Filters updates advertised from OSPF process ID 1 into EIGRP autonomous system 10 according to ACL 5
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 41740897
If you're in the "config-router" context, then you're configuring a routing protocol, not an inteface.  The distribution list is configuring rules for the routing protocol.

Basically you're saying "any routing updates that go out serial/0/0/0 should be filtered by distribution list 4."

So the distribution list is only for managing routing protocols, and which routes are accepted or advertised.


The access-group command is not actually applied to an interface, it is applied to a particular class of traffic transiting the interface.  "IP access-group my_access_list out" says "any ip traffic going out the interface should be checked against access list my_access_list to see whether it is permitted."  Non-IP traffic (Novell traffic, for example) and traffic entering the interface would not be affected by this rule.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
nexus filter logs 3 44
clear arp 1 29
Cisco WAP POE power 28 78
DMVPN Spoke Connectivity Issue 1 25
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question