[c-nsp] Applying ACL
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jun 1 04:21:39 EDT 2007
Gert Doering wrote:
> Hi,
>
> On Wed, May 30, 2007 at 01:33:21PM -0700, Kevin Graham wrote:
>> If you are wiping them out, you should always remove them to be safe
>> (even if weren't default-deny behavior when missing, there is an
>> unavoidable window between creation and completion).
>
> Just to correct this small bit: default in IOS for packet ACLs is
> "default-permit" *if the ACL is completely missing*.
>
> But usually you're dead in the water as soon as you copy-and-paste a
> new version of the ACL and the first line gets active, prohibiting any
> further lines to go through...
At least on the 6500 platforms, I believe the defined behaviour for
named ACLs is that the changes are only applied once you exit the sub-mode?
...which makes it a particular shame that the commands:
no all
abort
...don't exist in that sub-mode.
More information about the cisco-nsp
mailing list