access-list line number weird issue

itdaddy · January 2016

okay. I add a line number to my access-list say

50 permit 192.168.1.100

but when i look it shows on all my routers the same sequence. It shows the highest line number always on top. It does it to all my routers. what the heck? why doesnt it put it on bottom. when I worked at Fiserv all my acls worked normal. is that because of my IOS being like 12.4 vs were using 15.1 and above?

50 permit
10 permit
20 permit
30 permit

it should be

10 permit
20 permit
30 permit
50 permit

advanex1 · January 2016

Dunno, but you can resequence them if you want... if it irritates you

. Granted, it looks like you would end up with another issue and that is you would have to place an increment to sequence them by.. thus you would probably end up with your access-list 50 turning into 40.

IP Access List Entry Sequence Numbering - Cisco

Iristheangel · January 2016

Depends on what the ACE entails. Host entries in standard ACLs are reorganized in a different order than entered. It tends to happen when standard ACLs due to the indexing the host entries into the ACL into a hash table for faster access. It tends to be confusing because it stores it in the config that way and it is in evaluated that way. From what I've seen, you can't enter a host ACL after a wildcard ACL that matches that same address.

itdaddy · January 2016

This is the exact list idea I am talking about. I could have sworn when I changed them at Fiserv they always followed their order of sequence number. I am not sure what you guys/gals mean. I know i added sequence number before and they never looked like this I expectted correct order. can you explain more you think why Iristheangel?

Standard IP access list SNMP-List
50 permit 192.168.196.150
10 permit 192.168.196.8 (146378 matches)
20 permit 192.168.196.100 (870 matches)
30 permit 192.168.196.69

access-list line number weird issue

Comments