Remember there is an implied deny at the end of every list. The purpose of
the list is to permit 172.16.40.0 and deny everything else. This small a
list, especially a standard one, wont have a much impact on router
performance. Why deny 172.16.20.0 and 172.16.30.0 first, and making the
router process 3 lines of list, if it is going to be denied anyway? Is there
a difference between
access-list 1 deny 172.16.20.0 0.0.0.255
access-list 1 deny 172.16.30.0 0.0.0.255
access-list 1 permit 172.16.40.0 0.0.0.255
and
access-list 1 permit 172.16.40.0 0.0.0.255
The 2 deny statements are not needed, don't do anything, and only add work
for the processor.
Scott Meyer
CCNA, CCDA, MCSE, etc
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tolanid
Sent: Monday, April 16, 2001 8:53 PM
To: [EMAIL PROTECTED]
Subject: Re: access list rearrange? [7:861]
Scott - my experience has been that access lists are NEVER re-arranged. I
would not believe the book. I have the book you are talking about - I'll
refer the errata for the book from their website (if they have it). But,
again, my understanding is - the IOS will never re-arrange the access list
the way "it" thinks is right.
Also - I am looking at the example you provided but don't see why the new
"re-ordered" one is better??
Thanks
Raj
"Scott Meyer" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I was reading Sybex's old ACRC book. One of the study questions, as well
as
> a tip in the chapter indicate that the IOS will reorder an access list to
> make more sense.
>
> For example, an access list entered as:
> access-list 1 deny 172.16.20.0 0.0.0.255
> access-list 1 deny 172.16.30.0 0.0.0.255
> access-list 1 permit 172.16.40.0 0.0.0.255
>
> would be re-ordered as :
> access-list 1 permit 172.16.40.0 0.0.0.255
> access-list 1 deny 172.16.20.0 0.0.0.255
> access-list 1 deny 172.16.30.0 0.0.0.255
>
> I played around a bit and could not confirm this. show ip access list
showed
> the access-list exactly as I entered it.
> I had always thought that IOS would never re-arrange the list, no matter
how
> stupid it was entered.
>
> Am I on crack or is the book wrong?
>
> Scott Meyer
> [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=892&t=861
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
