[f-nsp] FastIron ACL sequencing

Maxime Baudin maxime.baudin at univ-mlv.fr
Tue Sep 13 07:10:55 EDT 2011


On 12/09/2011 17:42, Randy McAnally wrote:
> Looks like my FESX doesn't support ACL sequencing (like a stone-age Cisco) so
> I'm open for ideas on how to accomplish basic adds to a deny list and moving
> 'allow ip any any' to the end without interrupting traffic.

Hi,

An old workaround: try using 2 ACLs.

The "currently used" (let's call it ACL-128) and the "one to be used" 
(ACL-129).

When you have modifications to do, modify the "one to be used", and then 
switch on the interface:

"ip access-group ACL-128" to "ip access-group ACL-129"

ACL-128 becomes the "one to be used next time".

Regards,
Maxime
-- 
Maxime Baudin - Centre de Ressources Informatiques
Université Paris-Est - Marne-la-Vallée
5,bld Descartes-Champs-sur-Marne-77454 Marne-la-Vallée Cedex2
Tél : 01 60 95 74 55  Fax : 74 60  E-mail :Maxime.Baudin(at)univ-mlv.fr
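
The two-ACL swap described in the reply above, modelled as an added example (not code from the post or from the vendor). The rule tuples, function names and sample addresses are constructed; the sketch also assumes the spare ACL is rebuilt from the one currently bound, so earlier changes are not lost, and that it is checked with a first-match evaluation before the interface is rebound.

```python
import ipaddress

PERMIT_ANY = ("permit", "0.0.0.0/0")  # stands in for 'allow ip any any'

def build_spare(bound_rules, new_denies):
    """Rebuild the unbound ACL: existing rules, then new denies, permit-any last."""
    body = [r for r in bound_rules if r != PERMIT_ANY]
    for src in new_denies:
        if ("deny", src) not in body:
            body.append(("deny", src))
    return body + [PERMIT_ANY]

def evaluate(rules, src_ip):
    """First matching rule wins; nothing matching means implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for action, net in rules:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"

def swap(state, new_denies, must_permit):
    """Edit the ACL that is not on the interface, check it, then rebind."""
    bound, spare = state["bound"], state["spare"]
    candidate = build_spare(state["acls"][bound], new_denies)
    for src in new_denies:
        probe = str(ipaddress.ip_network(src).network_address)
        if evaluate(candidate, probe) != "deny":
            raise ValueError(f"{src} not denied by staged ACL")
    for ip in must_permit:
        if evaluate(candidate, ip) != "permit":
            raise ValueError(f"{ip} would be cut off by staged ACL")
    acls = {**state["acls"], spare: candidate}
    # The interface changes in one step: the old ACL becomes the next spare.
    return {"bound": spare, "spare": bound, "acls": acls}

# Constructed sample state (documentation address ranges).
STATE = {"bound": "ACL-128", "spare": "ACL-129",
         "acls": {"ACL-128": [("deny", "192.0.2.10/32"), PERMIT_ANY],
                  "ACL-129": [PERMIT_ANY]}}

if __name__ == "__main__":
    s = swap(STATE, ["198.51.100.0/24"], must_permit=["203.0.113.5"])
    print(s["bound"], s["acls"][s["bound"]])
```
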
