Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
534
Views
0
Helpful
5
Replies

named access lists

cro9uk
Level 1
Level 1

‎09-01-2004 08:11 AM - edited ‎03-02-2019 06:10 PM

hello, i created a named access list which worked fine until i added to it. I know that the default deny statement at the end of every list stops you from simply adding entries (to a numbered access list). I resolved it by creating the list again and including the new entries. My question is this: i thought that with named access lists you could add entries in any order, or am i wrong?

Labels:
0 Helpful
5 Replies 5

glen.grant
VIP Alumni
VIP Alumni

‎09-01-2004 08:42 AM

Depends on what code version you are running , once you get to 12.2T train each entry has a number next to it and you can put the new entries anywhere you want , before this level you could add and delete but you couldn't put them where you wanted it was like the old numbered acl's where it would put any new ones at the end of the list .

0 Helpful

cro9uk
Level 1
Level 1
In response to glen.grant

‎09-01-2004 04:26 PM

thanks glen, but i got my info here:

http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a008007edb7.html#1029162

a quote from the cisco document on named access lists

"You can enter ACL entries in any order without any performance impact"

am i missing something or is this document wrong?

0 Helpful

glen.grant
VIP Alumni
VIP Alumni
In response to cro9uk

‎09-11-2004 04:50 AM

I think all this is saying that it doesn't matter where you put your entries performance wise , in earlier versions they would reccomend that the most hit entries would put at the top of the ACL so that it did not have to look at the whole list , apparently this isn't the case anymore . As far as your first post even in numbered aCL's you could always add to the end of the ACL as long as your entry did not have to be in a specific spot in your ACL , it would just stick it at the end . As far as removing an entry then that is different story . :-)

In named ACL's you can add or delete to an aCL but until 12.2 T you could not add to a specific area in an ACL say you needed to add a permit above a deny statement or something like that you couldn't do it , with the new code you can put it anywhere you want.

0 Helpful

cro9uk
Level 1
Level 1
In response to glen.grant

‎09-15-2004 03:28 PM

how do i put a new permit stament "anywhere i want"?

surely when i enter a new command it simply appends the existing list and puts it at the bottom?

Pete

0 Helpful

glen.grant
VIP Alumni
VIP Alumni
In response to cro9uk

‎09-15-2004 04:31 PM

Like I said in previous post you must be running be running 12.2T train or later in order to have named access lists that allow you to put the entries anywhere you want . What it does is put a number before each entry say the first entry is has a 10 before the statement ,the second has a 20 . If need to put something in between entry 10 and 20 , you prefix your entry with something like "11" and this will put the entry between the first and second entry , so this feature alllows you to put entries anywhere in the list because each entry has a unique entry number . I haven't tried it but if you don't put a prefix number before the statement I imagine it will stick it at the bottom . If you have a version that supports this you will see the prefix numbers if you do a "show access-list" .

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card