06-11-2013 11:32 AM - edited 03-07-2019 01:50 PM
Hello,
Could anyone please shed some light on this?
Router(config)#ip access-list s 22
Router(config-std-nacl)#permit host 10.0.0.1
Router(config-std-nacl)#deny host 11.0.0.1
Router(config-std-nacl)#permit host 12.0.0.1
Router(config-std-nacl)#deny host 13.0.0.1
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#do sho ip access-l
Standard IP access list 22
20 deny 11.0.0.1
10 permit 10.0.0.1
40 deny 13.0.0.1
30 permit 12.0.0.1
50 permit any
Router(config)#
I'm not sure I understand why the router re-ordered the access list statements. This is on IOS 15.2, but 12.4 does the same thing. It gets really weird when I want to manage the ACL by sequence numbers:
Router(config)#
Router(config)#ip access-l s 22
Router(config-std-nacl)#5 deny host 10.0.0.2
Router(config-std-nacl)#7 permit 10.0.0.128 0.0.0.127
Router(config-std-nacl)#exit
Router(config)#do sho access-l
Standard IP access list 22
5 deny 10.0.0.2
20 deny 11.0.0.1
10 permit 10.0.0.1
40 deny 13.0.0.1
30 permit 12.0.0.1
7 permit 10.0.0.128, wildcard bits 0.0.0.127
50 permit any
Router(config)#
Line 7 ends up under line 30... is there an automatic more-to-less specific thing going on here?
Thanks
06-11-2013 12:41 PM
Yes. It has been a consistent behavior of IOS (though not so well documented) that for standard access lists it will place the more specific host entries ahead of less specific subnet and network entries.
HTH
Rick
06-11-2013 01:18 PM
Richard,
Thank you. Any inkling as to why it re-orders the host statements? When I did the input, the order was 10,11,12,13. The show has it in 11,10,13,12 order. None of those addresses are more specific, bitwise at least...
Thanks
06-11-2013 01:40 PM
I do not have an explanation of why the host entries in your first series of entries were changed. I can only explain (sort of) why line 7 moved to almost the bottom of the access list.
Perhaps someone else in the forum has an explanation of why the initial host entries changed from the original order of entry.
HTH
Rick
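An added example, not part of the thread and not Cisco code: a Python script that parses the second show output above, lists the sequence numbers displayed below a higher-numbered entry, and checks whether evaluating the list in displayed order versus sequence-number order changes the verdict for a set of probe addresses. First-match evaluation in the listed order and the probe addresses are assumptions of the example.

```python
import ipaddress
import re

# SHOW_OUTPUT is copied from the thread; PROBES are constructed addresses (assumption).
SHOW_OUTPUT = """Standard IP access list 22
5 deny 10.0.0.2
20 deny 11.0.0.1
10 permit 10.0.0.1
40 deny 13.0.0.1
30 permit 12.0.0.1
7 permit 10.0.0.128, wildcard bits 0.0.0.127
50 permit any
"""
PROBES = ["10.0.0.1", "10.0.0.2", "10.0.0.200", "11.0.0.1", "12.0.0.1", "13.0.0.1", "192.0.2.1"]
ENTRY = re.compile(r"^\s*(\d+) (permit|deny) (any|\S+?)(?:, wildcard bits (\S+))?\s*$")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse(text):
    """Return (seq, action, address, wildcard) tuples in displayed order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            seq, action, addr, wild = m.groups()
            if addr == "any":
                addr, wild = "0.0.0.0", "255.255.255.255"
            entries.append((int(seq), action, to_int(addr), to_int(wild or "0.0.0.0")))
    return entries

def verdict(entries, ip_text):
    """First match wins in the order given (assumption); no match is the implicit deny."""
    ip = to_int(ip_text)
    for _, action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if (ip & care) == (addr & care):
            return action
    return "deny"

def out_of_sequence(entries):
    """Sequence numbers that are displayed below a higher-numbered entry."""
    return [seq for i, (seq, *_) in enumerate(entries)
            if any(prev[0] > seq for prev in entries[:i])]

def order_sensitive(entries, probes):
    """Probes whose verdict differs between displayed and sequence-number order."""
    by_seq = sorted(entries)
    return [p for p in probes if verdict(entries, p) != verdict(by_seq, p)]
```

For the list in the thread, `out_of_sequence` reports 10, 30 and 7, and `order_sensitive` returns an empty list for these probes because none of the entries that moved overlap each other.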