Solved: sequence number for access list in in ios 12.3

sarahr202 · ‎03-19-2009

Hi every body!

My book shows following:

show ip access-list 24

10 permit 10.1.1.10,wildcard bits 0.0.0255

20 permit 1.1.1.0 wildcard bits, 0.255.255.255

My question are the sequence numbers multiples of 10 for extended access list as well by default ?

My book shows editing of acl by giving following example.

r1( config -std-nacl)# 5 deny 10.1.1.1

Show ip access-list 24

5 deny 10.1.1.1

10 permit 10.1.1.10,wildard bits 0.0.0.255

20 permit 1.1.1.0 wildcard bits 0.255.255.255

My question are what are valid sequence numbers? Can i use " 1 deny 10.1.1.1" instead of " 5 deny 10.1.1.1'' ?

Thanks a lot!

Jon Marshall · ‎03-19-2009

Sarah

Yes they go up in multiples of 10 so it leaves you space to insert new lines.

Yes you can use any number between 1 & 10 - all numbers are valid.

Jon

View solution in original post

Richard Burts · ‎03-19-2009

It is my experience that access lists, both standard and extended, default to sequence numbering by 10. The support for sequence numbering varies by release and by type of access list, with named access lists supporting sequencing before it was supported in numbered access lists. So the support for sequencing may vary depending on what version of IOS you are running.

As far as I know the sequence of 1 would work just as well as the sequence of 5.

HTH

Rick

HTH

Rick

View solution in original post

Edison Ortiz · ‎03-19-2009

Sarah,

The default sequence of 10 is a good value as it allows you to integrate additional ACEs in between after they were initially entered.

For instance, based on your example:

5 deny 10.1.1.1

10 permit 10.1.1.10,wildard bits 0.0.0.255

20 permit 1.1.1.0 wildcard bits 0.255.255.255

I can add another ACE, between 10 and 20 by entering

15 permit x.x.x.x wildcard bits x.x.x.x

HTH,

__

Edison.

View solution in original post

Jon Marshall · ‎03-19-2009

Sarah

Yes they go up in multiples of 10 so it leaves you space to insert new lines.

Yes you can use any number between 1 & 10 - all numbers are valid.

Jon

Richard Burts · ‎03-19-2009

It is my experience that access lists, both standard and extended, default to sequence numbering by 10. The support for sequence numbering varies by release and by type of access list, with named access lists supporting sequencing before it was supported in numbered access lists. So the support for sequencing may vary depending on what version of IOS you are running.

As far as I know the sequence of 1 would work just as well as the sequence of 5.

HTH

Rick

HTH

Rick

Edison Ortiz · ‎03-19-2009

Sarah,

The default sequence of 10 is a good value as it allows you to integrate additional ACEs in between after they were initially entered.

For instance, based on your example:

5 deny 10.1.1.1

10 permit 10.1.1.10,wildard bits 0.0.0.255

20 permit 1.1.1.0 wildcard bits 0.255.255.255

I can add another ACE, between 10 and 20 by entering

15 permit x.x.x.x wildcard bits x.x.x.x

HTH,

__

Edison.