03-19-2009 09:17 AM - edited 03-06-2019 04:42 AM
Hi every body!
My book shows following:
show ip access-list 24
10 permit 10.1.1.10,wildcard bits 0.0.0255
20 permit 1.1.1.0 wildcard bits, 0.255.255.255
My question are the sequence numbers multiples of 10 for extended access list as well by default ?
My book shows editing of acl by giving following example.
r1( config -std-nacl)# 5 deny 10.1.1.1
Show ip access-list 24
5 deny 10.1.1.1
10 permit 10.1.1.10,wildard bits 0.0.0.255
20 permit 1.1.1.0 wildcard bits 0.255.255.255
My question are what are valid sequence numbers? Can i use " 1 deny 10.1.1.1" instead of " 5 deny 10.1.1.1'' ?
Thanks a lot!
Solved! Go to Solution.
03-19-2009 09:41 AM
Sarah
Yes they go up in multiples of 10 so it leaves you space to insert new lines.
Yes you can use any number between 1 & 10 - all numbers are valid.
Jon
03-19-2009 10:00 AM
It is my experience that access lists, both standard and extended, default to sequence numbering by 10. The support for sequence numbering varies by release and by type of access list, with named access lists supporting sequencing before it was supported in numbered access lists. So the support for sequencing may vary depending on what version of IOS you are running.
As far as I know the sequence of 1 would work just as well as the sequence of 5.
HTH
Rick
03-19-2009 10:03 AM
Sarah,
The default sequence of 10 is a good value as it allows you to integrate additional ACEs in between after they were initially entered.
For instance, based on your example:
5 deny 10.1.1.1
10 permit 10.1.1.10,wildard bits 0.0.0.255
20 permit 1.1.1.0 wildcard bits 0.255.255.255
I can add another ACE, between 10 and 20 by entering
15 permit x.x.x.x wildcard bits x.x.x.x
HTH,
__
Edison.
03-19-2009 09:41 AM
Sarah
Yes they go up in multiples of 10 so it leaves you space to insert new lines.
Yes you can use any number between 1 & 10 - all numbers are valid.
Jon
03-19-2009 10:00 AM
It is my experience that access lists, both standard and extended, default to sequence numbering by 10. The support for sequence numbering varies by release and by type of access list, with named access lists supporting sequencing before it was supported in numbered access lists. So the support for sequencing may vary depending on what version of IOS you are running.
As far as I know the sequence of 1 would work just as well as the sequence of 5.
HTH
Rick
03-19-2009 10:03 AM
Sarah,
The default sequence of 10 is a good value as it allows you to integrate additional ACEs in between after they were initially entered.
For instance, based on your example:
5 deny 10.1.1.1
10 permit 10.1.1.10,wildard bits 0.0.0.255
20 permit 1.1.1.0 wildcard bits 0.255.255.255
I can add another ACE, between 10 and 20 by entering
15 permit x.x.x.x wildcard bits x.x.x.x
HTH,
__
Edison.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide