Hi,

On Sun, Oct 05, 2008 at 02:38:26PM -0400, Ed Ravin wrote:
> > I'm wondering if there is any deeper necessity for removing the old ACL
> > from the interface?  In the cases that I've changed ACLs on an interface,
> > I normally just configure the new ACL - and given that Cisco can only
> > have one IP ACL (per direction) on each interface, this automatically
> > and atomically removes the old ACL...
> 
> Hmmm.  Has that always worked, even in IOS 11 and early 12.1
> environments?  I don't remember whether I tried that when I first
> started developing aclmaker back in 2002.

This is why I was asking :-)

Everywhere I can *remember* having changed ACLs "on the fly" (replace old 
ACL with new ACL in the interface config), it worked without nasty side 
effects.

OTOH, our use of ACLs on IOS 11 was quite limited, so I really can't say.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             [EMAIL PROTECTED]
fax: +49-89-35655025                        [EMAIL PROTECTED]


_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
