Standard Access List

hs08
Spotlight

Hello,

When I create a standard access list with the items below:

access-list 55 permit 10.103.0.0 0.0.255.255
access-list 55 permit 10.100.50.0 0.0.0.255
access-list 55 permit 10.100.201.0 0.0.0.255
access-list 55 permit 172.21.22.0 0.0.0.255
access-list 55 permit 172.21.23.0 0.0.0.255
access-list 55 permit 10.100.200.0 0.0.0.255
access-list 55 permit 172.30.30.20
access-list 55 permit 10.100.62.251
access-list 55 permit 10.100.62.252

and for some devices (example in C3750E with IOS 15.0 SE4) the ACL looks like 

hs08_0-1728521736591.png

and in some devices (example in C9300-24T with IOSXE17.09.03) look like 

hs08_1-1728521926085.png

Both standard ACLs have a different appearance. Is this due to different hardware or a different IOS version?

 

Accepted Solutions

Hello
I believe you are on the right track as what you see is due to the software.
With older standard ACLs you didn't have the luxury of re-sequencing the access-list entries (ACEs). If I remember, you would apply the ACL just like you have shown and the software would automatically re-order the most specific ACEs first.

In newer software you can re-order and sequence ACEs before and after you create them, so maybe in this instance of software the ACL is created as you apply it; however, I believe re-ordering of the most specific ACEs first is usually performed.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

10 Replies

ammahend
VIP

It's software. Starting from Cisco IOS XE 16.9.4, use the ip access-list command to configure object-group based numbered ACL.

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-16-9/sec-data-acl-xe-16-9-book/sec-access-list-ov.html

 

-hope this helps-

Yes

The first config is like below:

access-list <1-99> permit/deny ...

The second config is like below:

ip access-list standard <word or 1-99>

permit/deny ....

So what you see in the output represents how you config the ACL

MHM

Hi,

The ACL is configured with the same commands:

access-list 55 permit 10.103.0.0 0.0.255.255
access-list 55 permit 10.100.50.0 0.0.0.255
access-list 55 permit 10.100.201.0 0.0.0.255
access-list 55 permit 172.21.22.0 0.0.0.255
access-list 55 permit 172.21.23.0 0.0.0.255
access-list 55 permit 10.100.200.0 0.0.0.255
access-list 55 permit 172.30.30.20
access-list 55 permit 10.100.62.251
access-list 55 permit 10.100.62.252

and I am not issuing the command ip access-list standard 55.

So are you saying the difference is because I use a different IOS version?

In C9K you config the same? I don't think so.

It is not the version or platform, it is how you config the standard ACL.

MHM

Hi 

Yes, the config is the same.

See the picture below. I tried creating access-list 66 with the command access-list 66 permit 10.10.10.10 for testing. The result is

Standard IP  access list 66

10 permit 10.10.10.10

hs08_0-1728540569157.png

 

Check your original post 

There are three 

1- access-list <1-99> permit/deny ...

This can appear depending on IOS 

A- access-list <1-99> permit/deny ...

B- standard IP access list

 

2- ip access-list standard <word or 1-99>  permit/deny ....

Appears as

ip access-list standard <word or 1-99>  permit/deny ....

MHM

Hi @MHM Cisco World 

So for item number 1 that you mention, we can say the difference is due to a different IOS version and not the device model?

The IOS version makes the show output different for No. 1.

I always prefer to use No. 2

MHM

Apologies,
with No. 1 of the standard ACL you cannot re-order the ACL lines,
that is why I prefer No. 2.

To re-order the lines of an ACL you need to have a Seq No, which is not available in No. 1, but No. 2 has this Seq No.


So always try to use No. 2

Screenshot (829).png

Screenshot (830).png
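
The sequenced form recommended in the replies above can be produced mechanically from the legacy lines. The Python sketch below is an added example, not code from the thread or from Cisco, and its function names are hypothetical: it rewrites `access-list <n>` lines as `ip access-list standard <n>` entries with explicit sequence numbers, and checks whether two listings carry the same policy even when a device lists the entries in a different order.

```python
import ipaddress
import re

# Legacy numbered form from the thread: access-list <n> permit|deny <addr> [wildcard]
LEGACY = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+"
                    r"(?:(any)|(?:host\s+)?(\S+)(?:\s+(\S+))?)$")

def parse_legacy(line):
    """Return (acl_number, action, network, wildcard) for one legacy line."""
    m = LEGACY.match(line.strip())
    if not m:
        raise ValueError(f"not a standard numbered ACL line: {line!r}")
    number, action, any_kw, addr, wildcard = m.groups()
    if any_kw:
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))  # bare address = host
    # Clear the "don't care" bits so 10.103.1.5 0.0.255.255 equals 10.103.0.0 0.0.255.255.
    net = ipaddress.IPv4Address(a & ~w & 0xFFFFFFFF)
    return int(number), action, str(net), str(ipaddress.IPv4Address(w))

def to_sequenced(lines, start=10, step=10):
    """Render legacy lines as 'ip access-list standard' config with sequence numbers."""
    out, current, seq = [], None, start
    for number, action, net, wc in (parse_legacy(l) for l in lines if l.strip()):
        if number != current:
            out.append(f"ip access-list standard {number}")
            current, seq = number, start
        target = {"255.255.255.255": "any", "0.0.0.0": net}.get(wc, f"{net} {wc}")
        out.append(f" {seq} {action} {target}")
        seq += step
    return out

def same_policy(a, b):
    """Compare two listings; display order is ignored only when it cannot matter."""
    ea, eb = ([parse_legacy(l) for l in x if l.strip()] for x in (a, b))
    if len({e[1] for e in ea + eb}) <= 1:  # all permit (or all deny)
        return set(ea) == set(eb)
    return ea == eb  # mixed permit/deny: first match wins, so order is significant

# The nine entries of ACL 55 as posted in the thread.
POSTED = [f"access-list 55 permit {e}" for e in (
    "10.103.0.0 0.0.255.255", "10.100.50.0 0.0.0.255", "10.100.201.0 0.0.0.255",
    "172.21.22.0 0.0.0.255", "172.21.23.0 0.0.0.255", "10.100.200.0 0.0.0.255",
    "172.30.30.20", "10.100.62.251", "10.100.62.252")]

if __name__ == "__main__":
    print("\n".join(to_sequenced(POSTED)))
```

Because ACL 55 contains only permit entries, a listing that shows the host entries first still compares as the same policy; once deny entries are mixed in, the comparison falls back to strict ordering.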

 
