[c-nsp] Applying ACL

Phil Mayers p.mayers at imperial.ac.uk
Fri Jun 1 04:21:39 EDT 2007


Gert Doering wrote:
> Hi,
> 
> On Wed, May 30, 2007 at 01:33:21PM -0700, Kevin Graham wrote:
>> If you are wiping them out, you should always remove them to be safe
>> (even if it weren't default-deny behavior when missing, there is an
>> unavoidable window between creation and completion).
> 
> Just to correct this small bit: default in IOS for packet ACLs is 
> "default-permit" *if the ACL is completely missing*.
> 
> But usually you're dead in the water as soon as you copy-and-paste a
> new version of the ACL and the first line gets active, prohibiting any
> further lines to go through...

At least on the 6500 platforms, I believe the defined behaviour for 
named ACLs is that the changes are only applied once you exit the sub-mode?

...which makes it a particular shame that the commands:

no all
abort

...don't exist in that sub-mode.

