[c-nsp] ACL sorting
Dmitry Kiselev
dmitry at dmitry.net
Fri Apr 28 04:03:35 EDT 2006
Hi!
On Thu, Apr 27, 2006 at 07:40:57PM +0300, Tassos Chatzithomaoglou wrote:
> Maybe try "Router(config)#ip access-list resequence TEST 10 10", although it
> most probably looks like a bug ;)
Yeah, sure, it looks like a bug:
Router#sh ip access-list TEST2
Standard IP access list TEST2
40 permit 10.0.0.16
50 permit 10.0.0.32
20 permit 10.0.0.170
10 permit 10.0.0.161
60 permit 10.0.0.180
30 deny 10.0.0.128, wildcard bits 0.0.0.127
Router#sh run | beg TEST2
ip access-list standard TEST2
permit 10.0.0.16
permit 10.0.0.32
permit 10.0.0.170
permit 10.0.0.161
permit 10.0.0.180
deny 10.0.0.128 0.0.0.127
...
Router#conf t
Router(config)#ip access-list resequence TEST2 10 10
Router(config)#^Z
Router#sh ip access-list TEST2
Standard IP access list TEST2
10 permit 10.0.0.16
20 permit 10.0.0.32
30 permit 10.0.0.170
40 permit 10.0.0.161
50 permit 10.0.0.180
60 deny 10.0.0.128, wildcard bits 0.0.0.127
Router#
Before resequencing, the ACL denied host 10.0.0.180. Now it is permitted. :/
> Dmitry Kiselev wrote on 27/4/2006 18:40:
> > Hi!
> >
> >
> > Is there any way to tell IOS to sort the ACL using sequence numbers
> > and include them in running-config? (for easy copy/paste ops ;)
> >
> >
> > Router#sh run
> > ...
> > !
> > ip access-list standard TEST
> > permit 10.0.0.12
> > permit 10.0.0.140
> > permit 10.0.0.134
> > permit 10.0.0.205
> > permit 10.0.0.252
> > ...
> > Router#sh access-lists TEST
> > Standard IP access list TEST
> > 30 permit 10.0.0.12
> > 20 permit 10.0.0.140
> > 50 permit 10.0.0.134
> > 10 permit 10.0.0.205
> > 40 permit 10.0.0.252
> >
> >
> > P.S. 3640, 12.3(14)T7 but I think it is a common bug^W feature
--
Dmitry Kiselev
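
An added example, not part of the original post and not Cisco code: a Python check that takes the pre-resequence `show ip access-list` output above, evaluates each host first-match in sequence-number order and in displayed order, and reports hosts whose result would differ once `resequence` renumbers the entries in displayed order. The function names and the host list are hypothetical, and evaluation by ascending sequence number is an assumption taken from the poster's reading of the list.

```python
import ipaddress
import re

# Listing copied from the "before resequence" output in the post above.
BEFORE = """\
40 permit 10.0.0.16
50 permit 10.0.0.32
20 permit 10.0.0.170
10 permit 10.0.0.161
60 permit 10.0.0.180
30 deny 10.0.0.128, wildcard bits 0.0.0.127
"""

LINE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+?)(?:,\s+wildcard bits\s+(\S+))?\s*$")

def parse(listing):
    """Return [(seq, action, addr_int, wildcard_int)] in displayed order."""
    entries = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a numbered ACL entry
        seq, action, addr, wild = m.groups()
        entries.append((int(seq), action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild or "0.0.0.0"))))
    return entries

def verdict(entries, host):
    """First match wins over `entries` as ordered; implicit deny at the end."""
    h = int(ipaddress.IPv4Address(host))
    for _seq, action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if h & care == addr & care:
            return action
    return "deny"

def resequence_changes(listing, hosts):
    """Hosts whose verdict differs between sequence order and displayed order."""
    shown = parse(listing)
    by_seq = sorted(shown)  # assumption: intended order is ascending sequence number
    return {h: (verdict(by_seq, h), verdict(shown, h))
            for h in hosts if verdict(by_seq, h) != verdict(shown, h)}

# Constructed host list: the listed hosts plus one extra address in the denied range.
HOSTS = ["10.0.0.16", "10.0.0.32", "10.0.0.161", "10.0.0.170", "10.0.0.180", "10.0.0.200"]

if __name__ == "__main__":
    for host, (before, after) in resequence_changes(BEFORE, HOSTS).items():
        print(f"{host}: {before} by sequence number, {after} after resequencing")
```

Running the same comparison on a saved listing before issuing `ip access-list resequence` shows whether the renumbering would change any host's result.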