[c-nsp] distribute list for eigrp

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Nov 10 05:14:20 EST 2006 

Just a word of caution: Using extended ACLs as distribute lists has a
different semantic, depending on the routing protocol and direction.
While BGP matches the "source" part of an extended ACL against the
prefix and the "dest" part against the prefix mask, RIP and (IIRC) EIGRP
match the neighbor in the "dest" part.. just do a test with "access-list
100 permit ip any any log" and see what shows up in the log.

If you want/need to match on the prefix length (subnet mask) as well,
please use ip prefix-lists where available.

	oli

cisco-nsp-bounces at puck.nether.net <> wrote on Friday, November 10, 2006
1:15 AM:

> Sure do!  If you try to enter both, you will probably only
> get one entry in
> the ACL since they are one in the same.
> 
> Also, if you enter either of those in, your ACL will probably look
> like this in the config: access-list 55 deny 0.0.0.0
> A host mask is assumed when there is no mask with standard ACLs.
> 
> The actual value of using an extended ACL for route
> redistribution/route filtering is for sequence numbers...makes it
> much easier to 
> put in and pull
> out entries without modifying the whole ACL.
> 
> tv
> ----- Original Message -----
> From: "james edwards" <lists.james.edwards at gmail.com>
> To: <cisco-nsp at puck.nether.net>
> Sent: Thursday, November 09, 2006 4:43 PM
> Subject: Re: [c-nsp] distribute list for eigrp
> 
> 
>> On 11/9/06, Tony Varriale <tvarriale at comcast.net> wrote:
>>> 
>>> So does a standard ACL.  There is no benefit in using an extended
>>> ACL with a
>>> destination address..
>> 
>> 
>> 
>> So both of these match the default route ?
>> 
>> access-list 55 deny 0.0.0.0 0.0.0.0
>> access-list 55 deny host 0.0.0.0
>> 
>> james
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list