Yep,
I concur, an implicit deny all with an access list tends to be forgotten and
maybe the book was trying to iterate that fact. The denies are superfluous.
""Scott Meyer"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Remember there is an implied deny at the end of every list. The purpose of
> the list is to permit 172.16.40.0 and deny everything else. This small a
> list, especially a standard one, wont have a much impact on router
> performance. Why deny 172.16.20.0 and 172.16.30.0 first, and making the
> router process 3 lines of list, if it is going to be denied anyway? Is
there
> a difference between
>
> access-list 1 deny 172.16.20.0 0.0.0.255
> access-list 1 deny 172.16.30.0 0.0.0.255
> access-list 1 permit 172.16.40.0 0.0.0.255
>
>
> and
> access-list 1 permit 172.16.40.0 0.0.0.255
>
>
> The 2 deny statements are not needed, don't do anything, and only add work
> for the processor.
>
> Scott Meyer
> CCNA, CCDA, MCSE, etc
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Tolanid
> Sent: Monday, April 16, 2001 8:53 PM
> To: [EMAIL PROTECTED]
> Subject: Re: access list rearrange? [7:861]
>
>
> Scott - my experience has been that access lists are NEVER re-arranged. I
> would not believe the book. I have the book you are talking about - I'll
> refer the errata for the book from their website (if they have it). But,
> again, my understanding is - the IOS will never re-arrange the access
list
> the way "it" thinks is right.
>
> Also - I am looking at the example you provided but don't see why the new
> "re-ordered" one is better??
>
> Thanks
>
> Raj
> "Scott Meyer" wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I was reading Sybex's old ACRC book. One of the study questions, as well
> as
> > a tip in the chapter indicate that the IOS will reorder an access list
to
> > make more sense.
> >
> > For example, an access list entered as:
> > access-list 1 deny 172.16.20.0 0.0.0.255
> > access-list 1 deny 172.16.30.0 0.0.0.255
> > access-list 1 permit 172.16.40.0 0.0.0.255
> >
> > would be re-ordered as :
> > access-list 1 permit 172.16.40.0 0.0.0.255
> > access-list 1 deny 172.16.20.0 0.0.0.255
> > access-list 1 deny 172.16.30.0 0.0.0.255
> >
> > I played around a bit and could not confirm this. show ip access list
> showed
> > the access-list exactly as I entered it.
> > I had always thought that IOS would never re-arrange the list, no matter
> how
> > stupid it was entered.
> >
> > Am I on crack or is the book wrong?
> >
> > Scott Meyer
> > [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=913&t=861
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
