[f-nsp] FastIron ACL sequencing
Maxime Baudin
maxime.baudin at univ-mlv.fr
Tue Sep 13 07:10:55 EDT 2011
Le 12/09/2011 17:42, Randy McAnally a écrit :
> Looks like my FESX doesn't support ACL sequencing (like a stone-age Cisco) so
> I'm open for ideas on how to accomplish basic adds to a deny list and moving
> 'allow ip any any' to the end without interrupting traffic.
Hi,
An old workaround : try using 2 ACLs.
The "currently used" (let's called it ACL-128) and the "one to be used"
(ACL-129).
When you have modifications to do, Modify the "one to be used", and then
switch on the interface :
"ip access group ACL-128" to "ip access-group ACL-129"
ACL-128 become the "one to be used next time".
Regards,
Maxime
--
Maxime Baudin - Centre de Ressources Informatiques
Université Paris-Est - Marne-la-Vallée
5,bld Descartes-Champs-sur-Marne-77454 Marne-la-Vallée Cedex2
Tél : 01 60 95 74 55 Fax : 74 60 E-mail :Maxime.Baudin(at)univ-mlv.fr
More information about the foundry-nsp
mailing list