Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Statement order in Standard ACL 3750. Plz help

Hi All,

The switch (3750) running 12.2(50)SE3 has the problem that ACL 20 is not in the order in which it was created.

  the order in which I enter the aclis different than the one that is displayed in the show run and the show access-list

  can someone let meknow how itworks?

usasw1(config)#access-list 20 permit 14.18.10.10

usasw1(config)#access-list 20 permit 14.18.10.28

usasw1(config)#access-list 20 permit 14.18.10.20

usasw1(config)#access-list 20 permit 13.20.13.20

usasw1(config)#access-list 20 permit 13.40.18.31

usasw1(config)#access-list 20 permit 13.20.28.40

usasw1(config)#access-list 20 permit 13.40.3.142

usasw1(config)#access-list 20 permit 13.20.28.1620

usasw1(config)#access-list 20 permit 13.20.10.148

usasw1(config)#access-list 20 permit 13.20.15.40

usasw1(config)#access-list 20 permit 12.25.10.243

usasw1(config)#access-list 20 permit 13.20.10.10

usasw1(config)#access-list 20 permit 14.18.10.55

usasw1(config)#access-list 20 permit 13.20.10.10

usasw1(config)#access-list 20 permit 14.18.10.125

usasw1(config)#access-list 20 permit 13.20.15.15

usasw1(config)#access-list 20 permit 13.40.34.57

usasw1(config)#access-list 20 permit 12.16.126.26

usasw1(config)#access-list 20 permit 13.40.32.48

usasw1(config)#access-list 20 permit 14.18.10.10

usasw1(config)#access-list 20 permit 13.40.32.82

usasw1(config)#access-list 20 permit 13.40.10.125

usasw1(config)#access-list 20 permit 14.18.10.40

usasw1(config)#access-list 20 permit 13.20.13.10

usasw1(config)#access-list 20 permit 13.20.13.15

usasw1(config)#access-list 20 permit 13.40.2.37

usasw1(config)#access-list 20 permit 14.18.23.246

usasw1(config)#access-list 20 permit 14.20.135.165

usasw1(config)#access-list 20 permit 12.16.10.125

usasw1(config)#access-list 20 permit 12.16.12.201

usasw1(config)#access-list 20 permit 13.40.32.30

usasw1(config)#access-list 20 permit 15.14.10.58

usasw1(config)#access-list 20 permit 13.27.10.10

usasw1(config)#access-list 20 permit 13.20.24.31

usasw1(config)#access-list 20 permit 14.20.10.236

usasw1(config)#access-list 20 permit 15.140.10.14

usasw1(config)#access-list 20 permit 15.140.10.15

usasw1(config)#access-list 20 permit 14.20.103.203

usasw1(config)#access-list 20 deny   any

C3750-2#show access-lists 20

Standard IP access list 20

    50 permit 13.40.18.31

    60 permit 13.20.28.40

    70 permit 13.40.3.142

    80 permit 13.20.28.1620

    270 permit 14.18.23.246

    10 permit 14.18.10.10

    20 permit 14.18.10.28

    30 permit 14.18.10.20

    40 permit 13.20.13.20

    10 permit 12.25.10.243

    12 permit 13.20.10.10

    280 permit 14.20.135.165

    200 permit 12.16.10.125

    300 permit 12.16.12.201

    13 permit 14.18.10.55

    140 permit 13.20.10.10

    23 permit 14.18.10.40

    20 permit 13.40.10.125

    240 permit 13.20.13.10

    250 permit 13.20.13.15

    260 permit 13.40.2.37

    310 permit 13.40.32.30

    320 permit 15.14.10.58

    200 permit 13.20.10.148

    10 permit 13.20.15.40

    330 permit 13.27.10.10

    340 permit 13.20.24.31

    150 permit 14.18.10.125

    160 permit 13.20.15.15

    170 permit 13.40.34.57

    180 permit 12.16.126.26

    120 permit 13.40.32.48

    200 permit 14.18.10.10

    350 permit 14.20.10.236

    210 permit 13.40.32.82

    360 permit 15.140.10.14

    370 permit 15.140.10.15

    380 permit 14.20.103.203

    450 deny   any

Any help on this is highly appriciated. Thanks in advance.

REgards

Alex.

3 REPLIES
New Member

Re: Statement order in Standard ACL 3750. Plz help

Typo here ==>

usasw1(config)#access-list 20 permit 13.40.3.142

usasw1(config)#access-list 20 permit 13.20.28.1620

usasw1(config)#access-list 20 permit 13.20.10.148

Don't know if that cause the problem though.

Re: Statement order in Standard ACL 3750. Plz help

In standard ACL's the order is random and I have never heard an explaination why. Since it is a standard ACL it doesn't matter too much as they are generally used for granting access versus packet filtering. If you must have a specific order you'll need to use an extended ACL.

Hope it helps.

Re: Statement order in Standard ACL 3750. Plz help

I think , I have heard about this somewhere , the problem is that The Access-list Sequencing No.'s are not supported for old numbered ACL's  be it standard or extended , but if you create the access list as a Named Access List then the sequencing works. so if you do :-

access-list 20 permit a.b.c.d 0.0.0.255

access-list 20 permit a.b.c.x 0.0.0.255

access-list 20 deny any

Then the sequencing doesn't work but if you do :-

ip access-list standard XXX { XXX here could be number or name whatever you like ) 
10 permit a.b.c.d 0.0.0.255
20 permit a.b.c.x 0.0.0.255
30 deny any

This should work as far as sequencing is concerned as per my knowledge.

Manish

198
Views
0
Helpful
3
Replies
CreatePlease to create content