From: hulbertj@comcast.net
Date: Fri Dec 02 2005 - 12:11:27 GMT-3
IOS does assign a sequence number to standard and extended access-lists. This allows us to remove or add another line anywhere in the ACL.
Rack1R1#sho access-lists
Rack1R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R1(config)#access-list 1 permit 1.1.1.0 0.0.0.255
Rack1R1(config)#access-list 1 deny 2.2.2.0 0.0.0.255
Rack1R1(config)#access-list 1 permit 3.3.3.0 0.0.0.255
Rack1R1(config)#access-list 1 deny 4.4.4.0 0.0.0.255
Rack1R1(config)#do sho access-lists 1
Standard IP access list 1
10 permit 1.1.1.0, wildcard bits 0.0.0.255
20 deny 2.2.2.0, wildcard bits 0.0.0.255
30 permit 3.3.3.0, wildcard bits 0.0.0.255
40 deny 4.4.4.0, wildcard bits 0.0.0.255
Rack1R1(config)#
Rack1R1(config)#ip access-list standard 1
Rack1R1(config-std-nacl)#no 30
Rack1R1(config-std-nacl)#15 permit 15.15.15.0 0.0.0.255
Rack1R1(config-std-nacl)#do sho access-list 1
Standard IP access list 1
10 permit 1.1.1.0, wildcard bits 0.0.0.255
15 permit 15.15.15.0, wildcard bits 0.0.0.255
20 deny 2.2.2.0, wildcard bits 0.0.0.255
40 deny 4.4.4.0, wildcard bits 0.0.0.255
Rack1R1(config-std-nacl)#
Jerry
-------------- Original message --------------
> Prefix-lists are in fact more efficient. The IOS looks through
> prefix-lists in a more efficient manner than ACLs. Also, prefix-lists
> allow you to edit or add to (delete from) any line without having to
> take out the entire list (you can do it on the fly). My personal opinion
> is to use prefix-lists in lieu of ACLs whenever possible.
> Thanks
> Vince Mashburn
> Voice / Network Engineer
> 901-263-5072
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Bryant, Paul M
> Sent: Friday, December 02, 2005 2:14 AM
> To: 'rosy bird'; ccielab@groupstudy.com
> Cc: swm@emanon.com
> Subject: RE: Basic Dielema....Acces-list or Prefix-List
>
> Hi Rosy
>
> I have read that ACLs should be avoided for route filtering as
> prefix-lists are more efficient in the way that they are able to filter.
> For other filter purposes obviously prefix-lists are no good, i.e. port,
> protocol, etc.
>
> I am not sure how the efficiency is achieved; I guess it is that the way
> in which the memory is used can be simpler with a prefix-list than an
> ACL. Probably meaning it can be done in hardware. Perhaps one of the
> other members of this group might know why they are more efficient in
> detail.
>
> Thanks
>
> Paul
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> rosy bird
> Sent: 02 December 2005 07:52
> To: ccielab@groupstudy.com
> Cc: swm@emanon.com
> Subject: Basic Dielema....Acces-list or Prefix-List
>
>
> Just wanted to know which is the best practice: use of an ACL or a
> prefix-list. In situations where using a prefix-list would not give any
> specific advantage as such (unless specified, of course), is it OK to
> use ACLs?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3
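
Added example (not part of the original thread and not Cisco code): a small Python model that parses the "show access-list 1" output from the message above and evaluates it first-match, to show how an entry inserted by sequence number can shadow later entries. The function names parse_acl, evaluate and insert_entry are hypothetical, only the "<seq> permit|deny <addr>, wildcard bits <mask>" line form shown in the message is parsed, and rejecting a duplicate sequence number is a choice of this model.

```python
import ipaddress
import re

# Constructed sample: the second "show access-list 1" output from the message.
SHOW_OUTPUT = """\
Standard IP access list 1
10 permit 1.1.1.0, wildcard bits 0.0.0.255
15 permit 15.15.15.0, wildcard bits 0.0.0.255
20 deny 2.2.2.0, wildcard bits 0.0.0.255
40 deny 4.4.4.0, wildcard bits 0.0.0.255
"""

ENTRY = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+?),\s+wildcard bits\s+(\S+)\s*$")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(text):
    """Return {seq: (action, address_int, wildcard_int)} from show output."""
    acl = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # the header line and unsupported forms are skipped
            seq, action, addr, wild = m.groups()
            acl[int(seq)] = (action, to_int(addr), to_int(wild))
    return acl

def evaluate(acl, source):
    """First match in ascending sequence order wins; no match is the implicit deny."""
    src = to_int(source)
    for seq in sorted(acl):
        action, addr, wild = acl[seq]
        care = ~wild & 0xFFFFFFFF  # wildcard 1-bits are "don't care" bits
        if (src & care) == (addr & care):
            return seq, action
    return None, "deny"

def insert_entry(acl, seq, action, addr, wild):
    """Model of '<seq> permit|deny <addr> <wildcard>' in config-std-nacl mode."""
    if seq in acl:  # model choice: refuse to overwrite an existing line
        raise ValueError(f"sequence {seq} already in use")
    acl[seq] = (action, to_int(addr), to_int(wild))

if __name__ == "__main__":
    acl = parse_acl(SHOW_OUTPUT)
    for ip in ("15.15.15.7", "2.2.2.9", "3.3.3.3"):
        print(ip, evaluate(acl, ip))
    # A broader deny placed at sequence 12 shadows the permit at 15.
    insert_entry(acl, 12, "deny", "15.0.0.0", "0.255.255.255")
    print("15.15.15.7", evaluate(acl, "15.15.15.7"))
```

After "no 30" the 3.3.3.0 range falls through to the implicit deny, which is the kind of side effect worth checking whenever a line is removed or inserted mid-list.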