- Dec 26, 2007
Please forgive the length and complexity of this post. I am very confused about this, and am looking for some help because our instructor won't (since she has given group 1 the final and I *could* know what's on it). Also distribute list=DL, prefix list=PL, and route map=RM for the rest of this post.
I have a skills final for CCNP BSCI class, and I'm still having issues with ACL's (since they are the building block of the other 2), distribute lists (which seem to be a complex ACL basically), and route maps (which are a complete mess to me currently). The issue is two-fold: one, I don't quite remember/get/understand the logic and how they work. Secondly, and more importantly, I'm messing up the commands. Specifically I'm having issues with using these with BGP, but it applies to any kind of redistributed protocol as well.
Most of this post is looking for two things (just gives examples and asks more specific questions) if you don't want to read it. First what is the difference between an ACL, DL, PL, and RM? Secondly, how do I implement them?
So, basic ACL says "for ACL #x, specifically permit or deny source y". Fairly simple.
Now, a distribute list (DL) differs from a basic ACL how? My understanding is that they will only add/forward a route if it is permitted on the interface with the distribute list filtering in/out traffic. For example,
access-list 1 permit 1.0.0.0 0.255.255.255
router rip
distribute-list 1 in
These commands tell a router "if I receive any RIP updates, only add them if they are part of the 1.x.x.x networks. If they aren't, do not add them to my routing table" correct? So, if that's the case then DL's differ from ACL's format of "acl # action source", and instead go "acl # action (look for this network/range)" and DL's don't have a "source/destination" but instead the network it applies to?
In the above example, say I wanted to permit more networks, I would just do
Router(config)#access-list 1 permit 2.0.0.0 0.255.255.255
and repeat that for each network I wanted to permit. Now, say I wanted to permit all networks out S0/0/0, but only some out S0/0/1.
Router(config)#access-list 1 permit 1.0.0.0 0.255.255.255
Router(config)#access-list 1 permit 2.0.0.0 0.255.255.255
Router(config)#access-list 2 permit 1.0.0.0 0.255.255.255
Router(config)#access-list 2 permit 2.0.0.0 0.255.255.255
Router(config)#access-list 2 permit 3.0.0.0 0.255.255.255
Router(config)#router (whatever routing process, in this case use BGP)
Router(config-router)#distribute-list 2 out S0/0/0
Router(config-router)#distribute-list 1 out S0/0/1
This is going to say "When distributing BGP routes out S0/0/0, look at ACL 2 to determine if it should be propagated in routing updates. When distributing BGP routing updates out S0/0/1 look at ACL 1 and only the permitted networks should be advertised" then? Which means that the 3.x.x.x network will be sent in updates out S0/0/0, but not S0/0/1.
So, if I want to control what networks get sent out or added to my routing table I would use a DL.
Route Maps
So, a route map is an ACL that has even more functionality than even a complex ACL might have. A route map is like an ACL though, in that it has multiple permit/deny statements. Internal to each statement it has a list of "match" fields with stuff on the same line (i.e. IP x y z) all having to match for it to take action with the "set" commands. Each line (i.e. IP x, IP y, IP z) works as an OR that says if any of these match, then take the action with the "set" commands. Example:
route-map permit 10
match (this) (this) and (this) for the statement to be TRUE
OR
match (this) and (this)
IF one of the matches is TRUE then
set (metric x)
AND
set (type y)
Now, I can use an ACL to match stuff instead of putting in each network. With the earlier ACL's mentioned, could I say "match ACL 2" which would match any of those 3 networks, or would I need to put each network as its own ACL (so ACL 1x=1.x.x.x, 2x=2.x.x.x, etc then put "match ACL 1x, ACL 2x, etc" to match any of those networks)?
Thanks for any help I can get.
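The filtering logic the post asks about, modelled in Python as an added example (this is not from the post and not Cisco code, only the decision rules): a standard ACL used as a distribute-list, a prefix-list with ge/le, and a two-sequence route-map in which alternatives on one match line are ORed while separate match lines are ANDed. ACL 1 and ACL 2 mirror the post; ACL 3, the prefix-list PL_LE16, the route-map name and the metric values are constructed for illustration.

```python
import ipaddress

def acl_permits(acl, prefix):
    """Standard ACL: (action, network, wildcard) entries, first match wins, implicit
    deny at the end. Only the network address is tested, never the prefix length."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, network, wildcard in acl:
        net, wc = int(ipaddress.ip_address(network)), int(ipaddress.ip_address(wildcard))
        if (addr & ~wc) == (net & ~wc):      # wildcard 1-bits are "don't care"
            return action == "permit"
    return False                             # implicit deny

def prefix_list_permits(plist, prefix):
    """Prefix-list: (action, network/len, ge, le) entries; the route must sit inside
    the entry and its length within [ge, le] (exact length if neither is given)."""
    route = ipaddress.ip_network(prefix)
    for action, entry, ge, le in plist:
        net = ipaddress.ip_network(entry)
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else lo)
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action == "permit"
    return False

def distribute_list(acl, routes):
    """distribute-list <acl> in|out: keep only the routes the ACL permits."""
    return [r for r in routes if acl_permits(acl, r)]

def route_map(rmap, prefix):
    """Route-map: (action, clauses, sets) sequences. Each clause is one 'match' line
    whose alternatives are ORed; separate clauses are ANDed. A permit sequence
    returns its set values, a deny drops the route, running off the end is a deny."""
    for action, clauses, sets in rmap:
        if all(any(test(prefix) for test in alts) for alts in clauses):
            return dict(sets) if action == "permit" else None
    return None

# Constructed sample lists: ACL 1 / ACL 2 as in the post, plus ACL 3 and a prefix-list.
ACL1 = [("permit", "1.0.0.0", "0.255.255.255"), ("permit", "2.0.0.0", "0.255.255.255")]
ACL2 = ACL1 + [("permit", "3.0.0.0", "0.255.255.255")]
ACL3 = [("permit", "4.0.0.0", "0.255.255.255")]
PL_LE16 = [("permit", "0.0.0.0/0", None, 16)]    # any route no longer than /16
RMAP = [
    # route-map EXAMPLE permit 10: match ip address 1 3 / match ip address prefix-list PL_LE16 / set metric 50
    ("permit", [[lambda p: acl_permits(ACL1, p), lambda p: acl_permits(ACL3, p)],
                [lambda p: prefix_list_permits(PL_LE16, p)]], {"metric": 50}),
    # route-map EXAMPLE permit 20: match ip address 2 / set metric 100
    ("permit", [[lambda p: acl_permits(ACL2, p)]], {"metric": 100}),
]
```

Note that 1.2.0.0/24 passes ACL 1 (the wildcard only looks at the first octet) but fails the prefix-list, which is the practical difference between an ACL-based and a prefix-list-based filter.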