Reordered named access-list

Hi All

I've recently noticed that some routers reorder named access-lists so that hosts are at the top of the list, followed by subnets in numerical order. For example, the standard ACL is entered as per below and the show access-list command shows a different sequence.

IP access-list standard VTY
    permit 169.254.0.0, wildcard bits 0.0.0.255
    permit 169.254.1.0, wildcard bits 0.0.0.255
    permit 172.20.225.124
    permit 172.20.225.225
    permit 172.20.226.0, wildcard bits 0.0.0.255
    permit 172.24.226.0, wildcard bits 0.0.0.255
    permit 192.168.1.0, wildcard bits 0.0.0.255
    deny any log

Standard IP access list VTY
    30 permit 172.20.225.124
    40 permit 172.20.225.225
    10 permit 169.254.0.0, wildcard bits 0.0.0.255
    20 permit 169.254.1.0, wildcard bits 0.0.0.255 (2 matches)
    50 permit 172.20.226.0, wildcard bits 0.0.0.255
    60 permit 172.24.226.0, wildcard bits 0.0.0.255
    70 permit 192.168.1.0, wildcard bits 0.0.0.255 (2 matches)
    80 deny any log

Thanks

Mark

Richard Burts Wed, 09/12/2007 - 09:03

Mark

I have worked with IOS routers since the early days of release 9. It has consistently been the behavior (though not clearly documented) for standard access lists that IOS reorders the lines of the access list so that any host specific entries are put before any other entries.

So what you are observing is true and it is not a new thing. I think that you will find it in any router where you look and in any version where you look.

HTH

Rick
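
An added example, not part of the original thread: a Python check that parses the `show access-list` output posted above and confirms that evaluating the entries in displayed order gives the same first-match decision as evaluating them in sequence-number order. The function names and the probe addresses are constructed for illustration.

```python
import ipaddress
import re

# "show access-list" lines as posted in the thread, in the order the router displayed them
SHOW_OUTPUT = """\
30 permit 172.20.225.124
40 permit 172.20.225.225
10 permit 169.254.0.0, wildcard bits 0.0.0.255
20 permit 169.254.1.0, wildcard bits 0.0.0.255 (2 matches)
50 permit 172.20.226.0, wildcard bits 0.0.0.255
60 permit 172.24.226.0, wildcard bits 0.0.0.255
70 permit 192.168.1.0, wildcard bits 0.0.0.255 (2 matches)
80 deny any log
"""
# Constructed probe sources: listed hosts, listed subnets, and unlisted addresses
PROBES = ["172.20.225.124", "172.20.225.225", "169.254.1.7", "192.168.1.9", "172.20.225.1", "10.0.0.1"]

ENTRY = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(any|[\d.]+)(?:, wildcard bits ([\d.]+))?")

def parse(text):
    """Return [(seq, action, addr_int, wildcard_int)] in the order the lines appear."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        seq, action, addr, wild = m.groups()
        if addr == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        a = int(ipaddress.IPv4Address(addr))
        w = int(ipaddress.IPv4Address(wild or "0.0.0.0"))  # no wildcard means a host entry
        entries.append((int(seq), action, a, w))
    return entries

def decide(entries, src):
    """First-match evaluation; falls through to the implicit deny of a standard ACL."""
    s = int(ipaddress.IPv4Address(src))
    for seq, action, a, w in entries:
        if (s & ~w & 0xFFFFFFFF) == (a & ~w & 0xFFFFFFFF):
            return action, seq
    return "deny", None

def order_changes_result(entries, probes):
    """Probes whose permit/deny decision differs between display order and sequence order."""
    by_seq = sorted(entries)
    return [p for p in probes if decide(entries, p)[0] != decide(by_seq, p)[0]]

if __name__ == "__main__":
    print(order_changes_result(parse(SHOW_OUTPUT), PROBES))
```
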
