Hi,

On Sun, Oct 05, 2008 at 08:21:40AM -0400, Ed Ravin wrote:
> If the router doesn't complain about syntax
> problems, the script then removes the original ACL from any interfaces
> it is applied to and applies the test ACL.  Then the script deletes the
> original ACL and uploads the new ACL with the original name, and then it
> removes the test-xxxx ACL from the interface(s) and applies the original ACL.
> 
> This leaves two short windows when the interface has no ACL applied, but

I'm wondering if there is any deeper necessity for removing the old ACL
from the interface?  In the cases that I've changed ACLs on an interface,
I normally just configure the new ACL - and given that Cisco can only
have one IP ACL (per direction) on each interface, this automatically
and atomically removes the old ACL...

But you might have seen more pathological cases, where things fail in
interesting ways - which is why I'm curious.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             [EMAIL PROTECTED]
fax: +49-89-35655025                        [EMAIL PROTECTED]

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
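
The two update sequences discussed in this message, replayed against a small model, as an added example that is not part of the original post or of the script it refers to. The ACL names, interface name and rules are constructed, and the model assumes, as the message states, that applying an IP ACL to an interface replaces the one already bound in that direction.

```python
# Constructed sample data (not from the thread).
SAMPLE_RULES = ["permit tcp any any eq 22", "deny ip any any"]
SAMPLE_BINDINGS = [("GigabitEthernet0/1", "in")]

def swap_commands(acl, rules, bindings, test_acl="test-swap", remove_first=False):
    """Build IOS-style commands that replace `acl` via a temporary test ACL."""
    def define(name):
        return [f"ip access-list extended {name}"] + [f" {r}" for r in rules]

    def bind(new, old):
        out = []
        for ifname, direction in bindings:
            out.append(f"interface {ifname}")
            if remove_first:  # unbind first, as the quoted script does
                out.append(f" no ip access-group {old} {direction}")
            out.append(f" ip access-group {new} {direction}")  # replaces in place
        return out

    return (define(test_acl) + bind(test_acl, acl)
            + [f"no ip access-list extended {acl}"] + define(acl)
            + bind(acl, test_acl)
            + [f"no ip access-list extended {test_acl}"])

def unfiltered_steps(commands, bindings, initial_acl):
    """Replay commands; return indexes after which a binding has no usable ACL."""
    defined = {initial_acl}
    applied = {b: initial_acl for b in bindings}
    current_if, gaps = None, []
    for i, line in enumerate(commands):
        w = line.split()
        if w[:3] == ["ip", "access-list", "extended"]:
            defined.add(w[3])
        elif w[:4] == ["no", "ip", "access-list", "extended"]:
            defined.discard(w[4])
        elif w[0] == "interface":
            current_if = w[1]
        elif w[:2] == ["ip", "access-group"]:
            applied[(current_if, w[3])] = w[2]
        elif w[:3] == ["no", "ip", "access-group"]:
            applied[(current_if, w[4])] = None
        # A gap is an unbound interface or a binding to an undefined ACL.
        if any(a is None or a not in defined for a in applied.values()):
            gaps.append(i)
    return gaps

if __name__ == "__main__":
    for flag in (True, False):
        cmds = swap_commands("edge-in", SAMPLE_RULES, SAMPLE_BINDINGS, remove_first=flag)
        print(flag, unfiltered_steps(cmds, SAMPLE_BINDINGS, "edge-in"))
```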
