cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2840
Views
5
Helpful
7
Replies

ACL sequnce number not in order

sj1031
Beginner
Beginner

Hi all

i notice my ACL have sequnce number that is not in order, i thought the sequnce number should automagically goes in order, exmplae 10, 20, 30 ....... etc

 

Switch#sh access-lists

Standard IP access list 99
    30 permit 172.18.1.2 (328056 matches)
    10 permit 172.18.1.3 (417138 matches)
    20 permit 172.18.1.4 (875236 matches)

7 Replies 7

Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert

Hi,

That is correct. The ACL sequence number should be in order (10, 20, 30, etc..)

It maybe a bug the IOS you are running.

HTH

Julio E. Moisa
VIP Mentor VIP Mentor
VIP Mentor

Hi

Try to use named ACL instead numbered ACL, for example:

 

ip access-list standard MY-NETWORKS

permit 1.1.1.0 0.0.0.255

permit host 2.2.2.2 

permit 3.3.3.3 0.0.0.0

 

Add a new entry and please verify again.  Also you could try using:

 

ip access-list standard 99

10 permit 1.1.1.0 0.0.0.255

20 permit host 2.2.2.2 

30 permit 3.3.3.3 0.0.0.0

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Brian M
Beginner
Beginner

I have this same problem and I've tested it on two versions; IOS-15.6.2 and XE-16.07.

 

If I enter this:

ip access-list standard TEST

permit 10.128.2.94

permit 10.190.9.100

permit 10.216.190.46

 

I end up with this

Standard IP access list TEST
30 permit 10.216.190.46
10 permit 10.128.2.94
20 permit 10.190.9.100

 

A little more detail:

  • Its always out of order in the same way on the different devices.
  • Extended ACLs don't seem to have this issue.
  • It only does this when I enter a host address (as opposed to subnet/wildcard).
  • If enter a subnet & wildcard it's always in the correct order (the order I added it).
  • Even if I enter it as permit host x.x.x.x , it'll still go out-of-order.

Estimated,

 

 

Please read the last reply from this post https://supportforums.cisco.com/t5/lan-switching-and-routing/access-list-wrong-order/td-p/3070419

Do not forget to rate useful answers.

 

Best Regards,


@Diana Karolina Rojas wrote:

Estimated,

 

 

Please read the last reply from this post https://supportforums.cisco.com/t5/lan-switching-and-routing/access-list-wrong-order/td-p/3070419

Do not forget to rate useful answers.

 

Best Regards,


That definitely answer is, Thank you!!

 

sbhadrav@cisco.com
Contributor
Contributor