[c-nsp] ACL sorting
Saku Ytti
saku+cisco-nsp at ytti.fi
Fri Apr 28 05:02:04 EDT 2006
On (2006-04-28 11:03 +0300), Dmitry Kiselev wrote:
Ok, I'll bite.
> Router#sh ip access-list TEST2
> Standard IP access list TEST2
> 40 permit 10.0.0.16
> 50 permit 10.0.0.32
> 20 permit 10.0.0.170
> 10 permit 10.0.0.161
> 60 permit 10.0.0.180
> 30 deny 10.0.0.128, wildcard bits 0.0.0.127
> Router#sh run | beg TEST2
> ip access-list standard TEST2
> permit 10.0.0.16
> permit 10.0.0.32
> permit 10.0.0.170
> permit 10.0.0.161
> permit 10.0.0.180
> deny 10.0.0.128 0.0.0.127
> ...
> Router#conf t
> Router(config)#ip access-list resequence TEST2 10 10
> Router(config)#^Z
> Router#sh ip access-list TEST2
> Standard IP access list TEST2
> 10 permit 10.0.0.16
> 20 permit 10.0.0.32
> 30 permit 10.0.0.170
> 40 permit 10.0.0.161
> 50 permit 10.0.0.180
> 60 deny 10.0.0.128, wildcard bits 0.0.0.127
> Router#
>
>
> Before resequencing ACL was deny 10.0.0.180 host. Now it permited. :/
Where 10.0.0.180 was deny? From output you gave all I can observe is
annoying cosmetic issue, but nothing that affects ruleset behavior,
10.0.0.180 is permitted in each one.
--
++ytti
More information about the cisco-nsp
mailing list