09-12-2007 08:08 AM - edited 03-05-2019 06:26 PM
Hi All
I've recently noticed that some routers reorder named access lists so that hosts are at the top of the list, followed by subnets in numerical order. For example, the standard ACL is entered as per below and the show access-list command shows a different sequence.
IP access-list standard VTY
permit 169.254.0.0, wildcard bits 0.0.0.255
permit 169.254.1.0, wildcard bits 0.0.0.255
permit 172.20.225.124
permit 172.20.225.225
permit 172.20.226.0, wildcard bits 0.0.0.255
permit 172.24.226.0, wildcard bits 0.0.0.255
permit 192.168.1.0, wildcard bits 0.0.0.255
deny any log
Standard IP access list VTY
30 permit 172.20.225.124
40 permit 172.20.225.225
10 permit 169.254.0.0, wildcard bits 0.0.0.255
20 permit 169.254.1.0, wildcard bits 0.0.0.255 (2 matches)
50 permit 172.20.226.0, wildcard bits 0.0.0.255
60 permit 172.24.226.0, wildcard bits 0.0.0.255
70 permit 192.168.1.0, wildcard bits 0.0.0.255 (2 matches)
80 deny any log
Thanks
Mark
09-12-2007 09:03 AM
Mark
I have worked with IOS routers since the early days of release 9. It has consistently been the behavior (though not clearly documented) for standard access lists that IOS reorders the lines of the access list so that any host specific entries are put before any other entries.
So what you are observing is true and it is not a new thing. I think that you will find it in any router where you look and in any version where you look.
HTH
Rick
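As an added example that is not part of the original posts: a small Python model of the hosts-first ordering described above, which evaluates the thread's ACL in both orders and reports any host address whose permit/deny verdict would differ. The function names and the `CONFLICT` list are constructed for illustration, and the sort is a model of the displayed order, not IOS's own logic.

```python
import ipaddress

# ACL from the thread as (seq, action, address, wildcard); a host entry has wildcard 0.0.0.0.
ENTERED = [
    (10, "permit", "169.254.0.0", "0.0.0.255"),
    (20, "permit", "169.254.1.0", "0.0.0.255"),
    (30, "permit", "172.20.225.124", "0.0.0.0"),
    (40, "permit", "172.20.225.225", "0.0.0.0"),
    (50, "permit", "172.20.226.0", "0.0.0.255"),
    (60, "permit", "172.24.226.0", "0.0.0.255"),
    (70, "permit", "192.168.1.0", "0.0.0.255"),
    (80, "deny", "0.0.0.0", "255.255.255.255"),
]
# Constructed sample (not from the thread): a host permit entered after a subnet deny.
CONFLICT = [(10, "deny", "10.0.0.0", "0.0.0.255"), (20, "permit", "10.0.0.5", "0.0.0.0")]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(entry, src):
    """True when src equals the entry address on every bit the wildcard does not mask."""
    care = ~to_int(entry[3]) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(entry[2]) & care)

def evaluate(acl, src):
    """First matching entry decides; no match falls through to the implicit deny."""
    for entry in acl:
        if matches(entry, src):
            return entry[1]
    return "deny"

def hosts_first(acl):
    """Model of the displayed order: host entries first, relative order otherwise kept."""
    return sorted(acl, key=lambda e: e[3] != "0.0.0.0")

def order_sensitive_hosts(acl):
    """Host addresses whose verdict differs between entered and hosts-first order.
    Only host addresses can differ: any other source matches no host entry, and the
    non-host entries keep their relative order."""
    moved = hosts_first(acl)
    return [e[2] for e in acl
            if e[3] == "0.0.0.0" and evaluate(acl, e[2]) != evaluate(moved, e[2])]

if __name__ == "__main__":
    print([e[0] for e in hosts_first(ENTERED)])
    print(order_sensitive_hosts(ENTERED), order_sensitive_hosts(CONFLICT))
```

For the ACL in the thread the two orders give the same verdict for every source, because every entry ahead of the final deny is a permit.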
09-13-2007 12:14 AM
Hi Rick
Thanks for the speedy reply.
Do you have any links to docs on this?
Thanks
Mark