[c-nsp] issue with basic access-list reordering
Ziv Leyes
zivl at gilat.net
Thu Jul 8 02:05:22 EDT 2010
I was quite sure that this kind of "bug" was related to having the "access-list compiled" option enabled. I never had problems before that.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pete Lumbis
Sent: Wednesday, July 07, 2010 10:17 PM
To: Ruben Alvarez
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] issue with basic access-list reordering
This is part of standard ACL optimization. This optimization completely
disregards comments. It's annoying and a bug was filed eons ago about this
and it was junked as part of expected behavior. See CSCdu55701.
-Pete
On Wed, Jul 7, 2010 at 2:58 PM, Ruben Alvarez <Ruben.Alvarez at nwea.org> wrote:
> Thanks. That sort of worked. I was doing a 'no access-list 10' before I
> added the new list. But this time I reordered them and it worked. So I
> added the remark, added .154, then added .151. Weird.
>
> Ruben Alvarez
> Technical Contractor | NWEA
>
> PHONE 503.624.1951 | FAX 503.639.7873
> DIRECT 503.214.4228
>
> NWEA.ORG | Partnering to Help All Kids Learn
>
>
> -----Original Message-----
> From: Gary Buhrmaster [mailto:gary.buhrmaster at gmail.com]
> Sent: Wednesday, July 07, 2010 11:38 AM
> To: Ruben Alvarez
> Subject: Re: [c-nsp] issue with basic access-list reordering
>
> > I wanted to see if anyone knows what's going on with my basic
> > access-list. It's really more annoying than anything, but. So I type in
> > this list:
> >
> > Rtr (config) #access-list 10 remark NTP access
> > Rtr (config) #access-list 10 permit 10.1.0.151
> > Rtr (config) #access-list 10 permit 10.1.0.154
> > Rtr (config) #exit
> > Rtr#sh run | inc access-list
> > access-list 10 permit 10.1.0.154
> > access-list 10 remark NTP access
> > access-list 10 permit 10.1.0.151
> >
> > Does anyone know why this happens? It's driving me crazy.
>
> Add in a "no access-list 10" before your config
> command. Your statements are added to the existing
> config, but duplicates are not, and my guess is
> that you had a ....permit 10.1.0.154... before.
> So, start clean with a "no access-list 10".
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
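
Added example, not written by anyone in this thread: a Python check that the reordering shown above leaves standard ACL 10 matching the same hosts, using the typed lines and the `sh run` output quoted in the thread. The function names are hypothetical, contiguous wildcard masks are assumed, and it goes slightly beyond the thread by also handling `deny`, `any`, `host` and wildcard entries.

```python
import ipaddress

# Taken from the thread: what was typed, and what `sh run | inc access-list` showed.
TYPED = """\
access-list 10 remark NTP access
access-list 10 permit 10.1.0.151
access-list 10 permit 10.1.0.154
"""
RUNNING = """\
access-list 10 permit 10.1.0.154
access-list 10 remark NTP access
access-list 10 permit 10.1.0.151
"""

def parse_standard_acl(text, number):
    """Return [(action, IPv4Network)] for one numbered standard ACL, skipping remarks."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        if tok[2] not in ("permit", "deny"):
            continue  # remark lines carry no match logic
        args = [t for t in tok[3:] if t != "log"]
        if args[0] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif args[0] == "host":
            net = ipaddress.ip_network(args[1] + "/32")
        else:
            wildcard = args[1] if len(args) > 1 else "0.0.0.0"
            # Invert the wildcard into a netmask; assumes contiguous wildcard bits.
            mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
            net = ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)
        entries.append((tok[2], net))
    return entries

def reorder_is_harmless(intended, running):
    """True if both hold the same entries and no permit/deny pair overlaps."""
    if set(intended) != set(running):
        return False
    # First-match order only matters where entries with different actions overlap.
    return not any(a[0] != b[0] and a[1].overlaps(b[1])
                   for i, a in enumerate(running) for b in running[i + 1:])

if __name__ == "__main__":
    ok = reorder_is_harmless(parse_standard_acl(TYPED, 10), parse_standard_acl(RUNNING, 10))
    print("reordering changes nothing" if ok else "review ACL 10: order or content differs")
```

For the two host permits in the thread the check passes; it fails when an entry is missing or when a permit and a deny overlap, which is the case where a reordered list needs a manual look.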