Guys, be very careful with advice on access-list on production routers. The
best practice for adding or changing access-list is to remove it from the
interface before modifying it. The implicit deny all can be a real disaster
with typos and the like when working from remote location. Be sure to remove
the old access-list with a no access-list # before pasteing back the new
one.
Johnny
----- Original Message -----
From: "Swart, Douwe" <[EMAIL PROTECTED]>
To: "'Palikhey, Niraj'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, June 15, 2000 4:43 PM
Subject: RE: Access-lists question??
> Use a terminal emulator (I know Procomm Plus does this) and cut the access
> list. Put it to notepad and edit the list just the way that you want it
in
> the correct order.
>
> You will need to prepend to this list the correct access list command and
> access list number that you want to use. Then paste this back into the
> router config mode command. This will add in the new access list, in the
> correct order.......Or you can rewrite the whole list manually again.
>
> I am sure that there is an easier way to do this again.....but that is the
> way that we do ours.
>
> The deny all is implicit...and is applied at the end of your access list.
>
>
> Douwe
>
> -----Original Message-----
> From: Palikhey, Niraj [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 16, 2000 2:22 AM
> To: '[EMAIL PROTECTED]'
> Subject: Access-lists question??
>
> Hi,
> I am trying to understand something with access-lists. They
> say that when
> you put in a new entry to an existing access-list, it will
> be written at the
> end of the existing list. So If I have a deny any any at the
> end of the list
> and I add a new entry that says permit 10.20.16.20, this
> will not work as
> this entry will be added at the end of the list. But when I
> do a sh
> access-lists or a sh run, I see that the new entry is not at
> the bottom of
> the existing list. I am trying to understand, even though it
> is not at the
> bottom, when the access-list is read, will it find it before
> the deny any
> any or not? Moreover, I have read that the Cisco IOS will
> rearrange the
> list. Is this the reason that the new entry does not show at
> the bottom but
> will work as entered in the end?
> Please advise.
> Thank you.
> Kind regards,
> Niraj
>
> ___________________________________
> UPDATED Posting Guidelines:
> http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
>
> Visit our Website : http://www.traveland.com.au
>
> Disclaimer - This message and any attachments are confidential and may
contain privileged information intended only for the use of the addressee
named above. If you are not the intended recipient of this message you are
hereby notified that any use, dissemination, distribution or reproduction of
this message is prohibited. If you have received this message in error
please notify Traveland Pty Ltd immediately by return email. Any views
expressed in this message are those of the individual sender and may not
necessarily reflect the views of Traveland Pty Ltd.
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
