Re: access-list scrambling

From: Drew Whitaker (drew.whitaker@gmail.com)
Date: Fri Jan 07 2005 - 19:23:56 GMT-3


I've seen that as well. I noticed that it seems to happen when I put
in statements with different length subnet masks. Example:
I put in:
Router(config)#access-list 10 permit 10.0.0.0
Router(config)#access-list 10 permit 20.0.0.0
Router(config)#access-list 10 permit 30.30.30.0
Router(config)#access-list 10 permit 40.40.40.40
Router(config)#access-list 10 deny 50.0.0.0
Router(config)#access-list 10 permit 60.0.0.0

show run:
access-list 10 permit 40.40.40.40
access-list 10 permit 10.0.0.0
access-list 10 permit 20.0.0.0
access-list 10 permit 30.30.30.0
access-list 10 deny 50.0.0.0
access-list 10 permit 60.0.0.0

Again, this time I put in:
Router(config)#access-list 20 permit 100.0.0.0
Router(config)#access-list 20 permit 110.110.110.0
Router(config)#access-list 20 permit 111.111.111.111

show run:
access-list 20 permit 111.111.111.111
access-list 20 permit 100.0.0.0
access-list 20 permit 110.110.110.0

However, if I just put in the classful networks, then it appears in
the correct order. Example:
access-list 10 permit 10.0.0.0
access-list 10 permit 20.0.0.0
access-list 10 permit 30.0.0.0
access-list 10 permit 40.0.0.0
access-list 10 permit 50.0.0.0
access-list 10 permit 60.0.0.0

The way around this anomaly is to put in the wildcard mask for each
line. Not sure why this happens.

On Fri, 7 Jan 2005 19:48:28 -0200, Rodrigo Paes <rodrigo.paes@pobox.com> wrote:
> Hi everyone,
>
> I saw something today that I've seen before but never found a reason why.
> Let's say I applied an access-list like this...
>
> access-list 10 permit "IP1"
> access-list 10 permit "IP2"
> access-list 10 permit "IP3"
> access-list 10 permit "IP4"
> access-list 10 deny "IP5"
> access-list 10 permit "IP6"
> access-list 10 permit "IP7"
> access-list 10 permit "IP8"
> access-list 10 permit "IP9"
>
> and it showed up in the running-config like this
>
> access-list 10 permit "IP4"
> access-list 10 permit "IP1"
> access-list 10 permit "IP3"
> access-list 10 permit "IP2"
> access-list 10 deny "IP5"
> access-list 10 permit "IP8"
> access-list 10 permit "IP7"
> access-list 10 permit "IP9"
> access-list 10 permit "IP6"
>
> It happens when you add a line to an access-list as well; the line might
> show up in the middle instead of at the end, where it would be expected, although
> I've never seen a new line added before a "deny" statement. It seems to
> shuffle within the permits or denies that are next to each other.
>
> Can anyone help me?
>
> []'s
> Rodrigo
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
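Not code from either post: an added Python check for the question both messages raise, namely whether the order IOS shows in the running-config changes what the ACL actually does. It assumes the standard-ACL syntax used in the thread, where an entry without a wildcard is an exact host match (wildcard 0.0.0.0), and uses Drew's ACL 10 as the sample input.

```python
import ipaddress
import re
from itertools import combinations

# One standard-ACL line as typed in the thread. The wildcard is optional; when
# it is omitted IOS treats the entry as an exact host match (wildcard 0.0.0.0).
ENTRY_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)(?:\s+(\S+))?$")

def parse_entry(line):
    """Return (acl, action, address, wildcard) with both addresses as ints."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a standard ACL line: {line!r}")
    acl, action, addr, wild = m.groups()
    return (int(acl), action, int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(wild or "0.0.0.0")))

def overlaps(e1, e2):
    """True if some address matches both entries: every bit that both
    wildcards fix (a 0 bit in each) must agree between the two addresses."""
    return ((e1[2] ^ e2[2]) & ~(e1[3] | e2[3]) & 0xFFFFFFFF) == 0

def first_match(lines, ip):
    """Action the ACL takes for ip in the listed order (implicit deny last)."""
    ip = int(ipaddress.IPv4Address(ip))
    for _, action, addr, wild in map(parse_entry, lines):
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"

def policy_changes(entered, shown):
    """Pairs that IOS listed in the opposite order to how they were typed AND
    that overlap with different actions; only such pairs can change what the
    ACL does. Assumes 'shown' contains every entered line."""
    ent = [parse_entry(l) for l in entered]
    pos = {parse_entry(l): i for i, l in enumerate(shown)}
    return [(entered[i], entered[j]) for i, j in combinations(range(len(ent)), 2)
            if ent[i][1] != ent[j][1] and overlaps(ent[i], ent[j])
            and pos[ent[i]] > pos[ent[j]]]

# Drew's ACL 10, as typed and as "show run" listed it (copied from the thread).
ENTERED_10 = ["access-list 10 permit 10.0.0.0", "access-list 10 permit 20.0.0.0",
              "access-list 10 permit 30.30.30.0", "access-list 10 permit 40.40.40.40",
              "access-list 10 deny 50.0.0.0", "access-list 10 permit 60.0.0.0"]
SHOWN_10 = ["access-list 10 permit 40.40.40.40", "access-list 10 permit 10.0.0.0",
            "access-list 10 permit 20.0.0.0", "access-list 10 permit 30.30.30.0",
            "access-list 10 deny 50.0.0.0", "access-list 10 permit 60.0.0.0"]

if __name__ == "__main__":
    print(policy_changes(ENTERED_10, SHOWN_10))  # [] : this shuffle is harmless
```

An empty result means the reordering cannot change any lookup; a non-empty result names the pair to examine, which is exactly the case where spelling out the wildcard mask (Drew's workaround) is worth the effort.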



This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:20 GMT-3