This is basically a general knowledge question. I have been working for some time now with ACLs on both routers and on PIXes.
My question is as follows, and it is a little bit old school. I was taught years ago that this was fundamentally the proper course of events to perform when making a change to an existing ACL applied to an interface (this would be on the routers).
Step 1 - We must take the ACL which is applied to the interface... ex. config-if# no access-group 123 in
Step 2 - The ACL is then copied out of the config onto Notepad and saved.
Step 3 - The ACL is deleted off of the box.
Step 4 - Changes are made to the ACL on Notepad.
Step 5 - The new ACL is then copied and pasted back to the box in global config.
Step 6 - The new ACL is re-applied to the interface.
I have always followed this methodology when working with ACLs... this prevents paranoia of taking down a network.
Can someone verify that this is the proper course of action? I came across a young CCIE the other day who was certain that you did not have to do any of that to implement changes to an ACL while it is applied.
I simply want to know what is correct so I can do the correct action.
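The six steps above as an IOS session, added here as an illustration and not part of the original post. The interface name, the hostname prompt and the ACL entries (RFC 5737 documentation addresses) are constructed; only the ACL number 123 and the inbound direction come from the post.

```cisco
! Step 1: detach ACL 123 from the interface.
! From here until step 6 the interface has no inbound filter at all.
Router# configure terminal
Router(config)# interface GigabitEthernet0/0
Router(config-if)# no ip access-group 123 in
Router(config-if)# exit

! Step 2: display the current ACL and copy it into a text editor.
Router(config)# do show running-config | include ^access-list 123
access-list 123 permit tcp any host 192.0.2.10 eq 443
access-list 123 deny ip any any log

! Step 3: delete the whole ACL from the running config.
Router(config)# no access-list 123

! Step 4 happens offline in the editor (here: one permit line is added
! above the final deny).

! Step 5: paste the edited ACL back in global config mode.
Router(config)# access-list 123 permit tcp any host 192.0.2.10 eq 443
Router(config)# access-list 123 permit tcp any host 192.0.2.10 eq 22
Router(config)# access-list 123 deny ip any any log

! Step 6: re-apply the ACL to the interface and confirm the entries.
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip access-group 123 in
Router(config-if)# end
Router# show ip access-lists 123
```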