[c-nsp] Applying ACL
Siva Valliappan
svalliap at cisco.com
Thu May 31 15:35:21 EDT 2007
if you are using a plaform that supports the "config replace" feature,
you could choose to build your new ACL off-line then do a replace of the
partial config with the new ACL... :)
cheers
.siva
On Thu, 31 May 2007, Gert Doering wrote:
> Hi,
>
> On Wed, May 30, 2007 at 01:33:21PM -0700, Kevin Graham wrote:
>> If you are wiping them out, you should always remove them to be safe
>> (even if weren't default-deny behavior when missing, there is an
>> unavoidable window between creation and completion).
>
> Just to correct this small bit: default in IOS for packet ACLs is
> "default-permit" *if the ACL is completely missing*.
>
> But usually you're dead in the water as soon as you copy-and-paste a
> new version of the ACL and the first line gets active, prohibiting any
> further lines to go through...
>
> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany gert at greenie.muc.de
> fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list