RE: Basic Dielema....Acces-list or Prefix-List

From: Vincent Mashburn (vmashburn@fedex.com)
Date: Fri Dec 02 2005 - 12:13:50 GMT-3


I agree. However, we are running the 12.2 train and trying to replace or
add statements via sequence numbers is buggy. Sometimes it works,
sometimes not. However, it always works with prefix-lists.

Vince Mashburn

Engineer

901-263-5072

CCIE (R&S Written), CCNP, CCDA, Network +

________________________________

From: hulbertj@comcast.net [mailto:hulbertj@comcast.net]
Sent: Friday, December 02, 2005 9:11 AM
To: Vincent Mashburn; Bryant, Paul M; rosy bird; ccielab@groupstudy.com
Cc: swm@emanon.com
Subject: RE: Basic Dielema....Acces-list or Prefix-List

IOS does assign a sequence number to standard and extended access-lists.
This allows us to remove or add another line anywhere in the ACL.

Rack1R1#sho access-lists

Rack1R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R1(config)#access-list 1 permit 1.1.1.0 0.0.0.255
Rack1R1(config)#access-list 1 deny 2.2.2.0 0.0.0.255
Rack1R1(config)#access-list 1 permit 3.3.3.0 0.0.0.255
Rack1R1(config)#access-list 1 deny 4.4.4.0 0.0.0.255
Rack1R1(config)#do sho access-lists 1
Standard IP access list 1
    10 permit 1.1.1.0, wildcard bits 0.0.0.255
    20 deny 2.2.2.0, wildcard bits 0.0.0.255
    30 permit 3.3.3.0, wildcard bits 0.0.0.255
    40 deny 4.4.4.0, wildcard bits 0.0.0.255
Rack1R1(config)#

Rack1R1(config)#ip access-list standard 1
Rack1R1(config-std-nacl)#no 30
Rack1R1(config-std-nacl)#15 permit 15.15.15.0 0.0.0.255
Rack1R1(config-std-nacl)#do sho access-list 1
Standard IP access list 1
    10 permit 1.1.1.0, wildcard bits 0.0.0.255
    15 permit 15.15.15.0, wildcard bits 0.0.0.255
    20 deny 2.2.2.0, wildcard bits 0.0.0.255
    40 deny 4.4.4.0, wildcard bits 0.0.0.255
Rack1R1(config-std-nacl)#

Jerry

        -------------- Original message --------------

> Prefix-lists are in fact more efficient. The IOS looks through
> prefix-lists in a more efficient manner than ACL's. Also, Prefix-lists
> allow you to edit or add to (delete from) any line without having to
> take out the entire list (you can do it on the fly). My personal opinion
> is to use prefix-lists in lieu of ACL's whenever possible.
> Thanks
> Vince Mashburn
> Voice / Network Engineer
> 901-263-5072
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Bryant, Paul M
> Sent: Friday, December 02, 2005 2:14 AM
> To: 'rosy bird'; ccielab@groupstudy.com
> Cc: swm@emanon.com
> Subject: RE: Basic Dielema....Acces-list or Prefix-List
>
> Hi Rosy
>
> I have read that ACLs should be avoided for route filtering as Prefix-lists
> are more efficient in the way that they are able to filter. For other filter
> purposes obviously Prefix lists are no good, i.e. port, protocol etc.
>
> I am not sure how the efficiency is achieved. I guess it is that the way in
> which the memory is used can be simpler with a Prefix-list than an ACL.
> Probably meaning it can be done in hardware. Perhaps one of the other
> members of this group might know why they are more efficient in detail.
>
> Thanks
>
> Paul
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> rosy bird
> Sent: 02 December 2005 07:52
> To: ccielab@groupstudy.com
> Cc: swm@emanon.com
> Subject: Basic Dielema....Acces-list or Prefix-List
>
>
> Just wanted to know which is the best practice.. use of ACL or Prefix
> list. In a situation where using a prefix-list would not give any specific
> advantage as such (unless specified of course)... is it ok to use ACLs??
>
>
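
An added example, not part of the original thread: a small Python model of how a standard ACL and a prefix-list each evaluate routes when used as a route filter. The ACL entry is the first line of access-list 1 from the session above; the prefix-list entries, the sample routes and all function names are constructed for illustration. A standard ACL compares only the route's network address against address/wildcard, while a prefix-list also checks the mask length.

```python
import ipaddress

def acl_match(route, entries):
    """Standard ACL as a route filter: only the network address is compared
    against address/wildcard; the route's mask length is never checked."""
    addr = int(ipaddress.ip_network(route).network_address)
    for action, base, wildcard in entries:            # first match wins
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action
    return "deny"                                     # implicit deny at the end

def prefix_list_match(route, entries):
    """Prefix-list: the leading bits must match the prefix AND the route's
    mask length must lie in [ge, le] (exactly the prefix length if neither is set)."""
    net = ipaddress.ip_network(route)
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        pfx = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = pfx.prefixlen
        else:
            lo = ge if ge is not None else pfx.prefixlen
            hi = le if le is not None else 32
        if lo <= net.prefixlen <= hi and net.subnet_of(pfx):
            return action
    return "deny"                                     # implicit deny at the end

# access-list 1 permit 1.1.1.0 0.0.0.255 (from the session in the thread)
ACL_1 = [("permit", "1.1.1.0", "0.0.0.255")]
# Constructed: ip prefix-list EXACT seq 10 permit 1.1.1.0/24
PL_EXACT = [(10, "permit", "1.1.1.0/24", None, None)]
# Constructed: ip prefix-list RANGE seq 10 permit 1.1.1.0/24 le 25
PL_RANGE = [(10, "permit", "1.1.1.0/24", None, 25)]
# Constructed sample routes
ROUTES = ["1.1.1.0/24", "1.1.1.128/25", "1.1.1.0/30", "1.1.0.0/16"]

def compare(routes=ROUTES):
    """Return {route: (ACL verdict, exact prefix-list verdict, ranged verdict)}."""
    return {r: (acl_match(r, ACL_1),
                prefix_list_match(r, PL_EXACT),
                prefix_list_match(r, PL_RANGE)) for r in routes}

if __name__ == "__main__":
    for route, verdicts in compare().items():
        print(f"{route:15} acl={verdicts[0]:6} exact={verdicts[1]:6} range={verdicts[2]}")
```

The ACL permits every route whose network address falls in 1.1.1.x, including the /25 and /30 more-specifics, whereas the prefix-list admits only the mask lengths it names.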



This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3