[c-nsp] Access-list Question

Reuben Farrelly reuben-cisco-nsp at reub.net
Wed May 16 03:16:26 EDT 2007


Tony Li wrote:
> On May 15, 2007, at 11:23 PM, Scott Granados wrote:
> 
>> Well can't we don't care bit ourselves around to masking or something
>> consistent?  It is confusing at times although it's interesting to  
>> know
>> that's the origin.
> 
> 
> If it were up to me (it's not ;-), the UI would be extended to accept  
> prefix format as well as the existing format.  Thus, you could type  
> 192.168.1.0 0.0.0.255 or 192.168.1/24.  Note that trying to do  
> something that is NOT backward compatible is just a non-starter.   
> Think of the number of deployed systems out there...
> 
> Tony

How about a global config command like:

ip access-list non-wildcard-acl

which will then accept the new format only, (the non wildcard based one), 
defaulting to OFF so that the old format is the common case and backward 
compatibility is there for those who are used to the old way and those who 
explicitly want the new format can opt in to it?

That way you could appease both sides of the argument without breaking a 
thing...   and even store the config in the old format if need be.

reuben


More information about the cisco-nsp mailing list