Reordered named access-list

mark
Level 1

Hi All

I've recently noticed that some routers reorder a named access-list so that hosts are at the top of the list, followed by subnets in numerical order. For example, the standard ACL is entered as below, and the show access-list command shows a different sequence:

IP access-list standard VTY
permit 169.254.0.0, wildcard bits 0.0.0.255
permit 169.254.1.0, wildcard bits 0.0.0.255
permit 172.20.225.124
permit 172.20.225.225
permit 172.20.226.0, wildcard bits 0.0.0.255
permit 172.24.226.0, wildcard bits 0.0.0.255
permit 192.168.1.0, wildcard bits 0.0.0.255
deny any log

Standard IP access list VTY
30 permit 172.20.225.124
40 permit 172.20.225.225
10 permit 169.254.0.0, wildcard bits 0.0.0.255
20 permit 169.254.1.0, wildcard bits 0.0.0.255 (2 matches)
50 permit 172.20.226.0, wildcard bits 0.0.0.255
60 permit 172.24.226.0, wildcard bits 0.0.0.255
70 permit 192.168.1.0, wildcard bits 0.0.0.255 (2 matches)
80 deny any log

Thanks

Mark


Richard Burts
Hall of Fame

Mark

I have worked with IOS routers since the early days of release 9. It has consistently been the behavior (though not clearly documented) for standard access lists that IOS reorders the lines of the access list so that any host specific entries are put before any other entries.

So what you are observing is true and it is not a new thing. I think that you will find it in any router where you look and in any version where you look.

HTH

Rick

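
The ordering behaviour Rick describes, modelled as an added example (not code from this thread or from Cisco) using the VTY list from the original post. It assumes that IOS assigns sequence numbers in entry order but displays and evaluates host entries ahead of wildcard entries; the last function is a check a practitioner can run to see whether that reordering changes any permit/deny decision for a given set of source addresses.

```python
# Added example, not code from the thread or from Cisco: a model of the standard-ACL
# ordering Rick describes, applied to the VTY list Mark posted. The assumed rule is that
# sequence numbers follow entry order while host entries are displayed/evaluated first.
import ipaddress

def parse_entry(line):
    """'permit A, wildcard bits W' | 'permit A' | 'deny any log' -> (action, addr, mask)."""
    parts = line.replace(",", "").split()
    if parts[1] == "any":
        return (parts[0], 0, 0)                      # mask 0 matches every address
    addr = int(ipaddress.IPv4Address(parts[1]))
    wild = int(ipaddress.IPv4Address(parts[4])) if "wildcard" in parts else 0
    return (parts[0], addr, 0xFFFFFFFF ^ wild)       # no wildcard => host entry

def build_acl(lines):
    """Sequence numbers 10, 20, ... in the order the lines were entered."""
    return [(10 * (i + 1), parse_entry(l)) for i, l in enumerate(lines)]

def ios_display_order(acl):
    """Host entries first (relative order kept), then the remaining entries."""
    is_host = lambda e: e[1][2] == 0xFFFFFFFF
    return [e for e in acl if is_host(e)] + [e for e in acl if not is_host(e)]

def first_match(acl, ip):
    """First-match evaluation; (None, 'deny') is the implicit deny at the end."""
    a = int(ipaddress.IPv4Address(ip))
    for seq, (action, addr, mask) in acl:
        if a & mask == addr & mask:
            return seq, action
    return None, "deny"

def reorder_changes_decision(acl, ips):
    """Addresses whose result differs between entered and displayed order (empty = cosmetic)."""
    shown = ios_display_order(acl)
    return [ip for ip in ips if first_match(acl, ip)[1] != first_match(shown, ip)[1]]

ENTERED = [  # the VTY ACL exactly as entered in the original post
    "permit 169.254.0.0, wildcard bits 0.0.0.255",
    "permit 169.254.1.0, wildcard bits 0.0.0.255",
    "permit 172.20.225.124",
    "permit 172.20.225.225",
    "permit 172.20.226.0, wildcard bits 0.0.0.255",
    "permit 172.24.226.0, wildcard bits 0.0.0.255",
    "permit 192.168.1.0, wildcard bits 0.0.0.255",
    "deny any log",
]
ACL = build_acl(ENTERED)
SHOWN = ios_display_order(ACL)   # sequence numbers come out 30, 40, 10, 20, 50, 60, 70, 80
```

For this particular list the reordering is cosmetic, because no host entry overlaps a subnet entry with a different action; the check is worth running on lists where a host deny sits after a subnet permit.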

Hi Rick

Thanks for the speedy reply.

Do you have any links to docs on this?

Thanks

Mark
