[[nsp] ACLs]

Chris Davis chris.davis at computerjobs.com
Fri Feb 28 14:29:43 EST 2003


>If you do this, there is a time window during which the router
>forwards more packets than it should.
>
>Has anybody found an approach which avoids this effect?
>

The approach I just offered is intended to both avoid this effect and afford
easy fallback in the case of a mistake, but it requires the administrative
freedom to change back & forth between access list numbers each time you
edit a list:

 1- Capture your ACL 190 and make your changes/additions in your text editor.
 2- Find and replace the ACL number in your text editor to 191 (or some other number not already in use on the router).
 3- Paste the edited ACL with its new number (191 in this example) into your router.
 4- Apply the new ACL 191 to the interface in place of the old ACL 190.

Just be sure to find "list 190" and replace with "list 191" so you don't go
finding & replacing some other 190 in the access list.

-----Original Message-----
From: Florian Weimer [mailto:Weimer at CERT.Uni-Stuttgart.DE]
Sent: Friday, February 28, 2003 2:19 PM
To: Shalosky, Brian K Mr CONT USAREC
Cc: 'Chris Davis'; cisco-nsp at puck.nether.net
Subject: Re: [[nsp] ACLs]
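
Added example, not part of the original message or thread: a Python sketch of steps 2 to 4 above that renumbers only the leading "access-list 190", refuses a new number already in use, and emits the interface commands. The function name renumber_acl and both sample texts are constructed for illustration, and it assumes numbered `access-list` / `ip access-group` syntax.

```python
import re

# Constructed running-config capture (sample data, not from the original post).
SAMPLE_CONFIG = """\
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 190 in
!
access-list 101 permit ip any any
access-list 190 permit tcp any host 10.190.0.5 eq 190
access-list 190 deny   ip any any log
"""

# Constructed result of step 1: the edited list, still numbered 190.
SAMPLE_EDITED = """\
access-list 190 permit tcp any host 10.190.0.5 eq 190
access-list 190 permit udp any any eq 53
access-list 190 deny   ip any any log
"""

def renumber_acl(config, edited_acl, old, new):
    """Return the IOS lines to paste: the edited list renumbered old -> new,
    then the interface commands that apply the new list."""
    in_use = {int(n) for n in re.findall(r"(?m)^access-list\s+(\d+)\s", config)}
    in_use |= {int(n) for n in re.findall(r"(?m)^\s*ip access-group\s+(\d+)\s", config)}
    if new in in_use:
        raise ValueError(f"access-list {new} is already in use on the router")
    head = re.compile(rf"^access-list\s+{old}\b")
    out = []
    for line in edited_acl.splitlines():
        if not line.strip():
            continue
        if not head.match(line):
            raise ValueError(f"not an access-list {old} line: {line!r}")
        # Only the leading list number changes; 190 in addresses or ports stays.
        out.append(head.sub(f"access-list {new}", line, count=1))
    iface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.strip()
        m = re.match(rf"^\s+ip access-group\s+{old}\s+(in|out)\s*$", line)
        if m and iface:
            out += [iface, f" ip access-group {new} {m.group(1)}"]
    # No "no access-list" line is emitted, so the old list stays for fallback.
    return out

if __name__ == "__main__":
    print("\n".join(renumber_acl(SAMPLE_CONFIG, SAMPLE_EDITED, 190, 191)))
```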


