access-list line number weird issue

okay. I add a line number to my access-list say

50 permit 192.168.1.100

but when i look it shows on all my routers the same sequence. It shows the highest line number always on top. It does it to all my routers. what the heck? why doesnt it put it on bottom. when I worked at Fiserv all my acls worked normal. is that because of my IOS being like 12.4 vs were using 15.1 and above?

50 permit
10 permit
20 permit
30 permit

it should be

10 permit
20 permit
30 permit
50 permit

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

advanex1

Dunno, but you can resequence them if you want... if it irritates you

. Granted, it looks like you would end up with another issue and that is you would have to place an increment to sequence them by.. thus you would probably end up with your access-list 50 turning into 40.

IP Access List Entry Sequence Numbering - Cisco

Iristheangel

Depends on what the ACE entails. Host entries in standard ACLs are reorganized in a different order than entered. It tends to happen when standard ACLs due to the indexing the host entries into the ACL into a hash table for faster access. It tends to be confusing because it stores it in the config that way and it is in evaluated that way. From what I've seen, you can't enter a host ACL after a wildcard ACL that matches that same address.

itdaddy

This is the exact list idea I am talking about. I could have sworn when I changed them at Fiserv they always followed their order of sequence number. I am not sure what you guys/gals mean. I know i added sequence number before and they never looked like this I expectted correct order. can you explain more you think why Iristheangel?

Standard IP access list SNMP-List
50 permit 192.168.196.150
10 permit 192.168.196.8 (146378 matches)
20 permit 192.168.196.100 (870 matches)
30 permit 192.168.196.69