distribute list change
Netstudent
Member Posts: 1,693 ■■■□□□□□□□
in CCNP
I have a distribute list in router config mode for EIGRP. This list basically blocks some static routes from being redistributed into eigrp and causing loops.
Now I have to change the access-list that the distribute-list calls to define what to block. I need to add an entry.
My question is, if I clear out this access-list to modify it, is that going to simultaneously kill my distribute-list in EIGRP config mode and cause DUAL to recalculate the topo table and send out an update?
Because if that happens I will get loops to critical servers and that won;t jive.
So I think lesson learned here is use a named ACL for potentially dynamic ACL's????????
Now I have to change the access-list that the distribute-list calls to define what to block. I need to add an entry.
My question is, if I clear out this access-list to modify it, is that going to simultaneously kill my distribute-list in EIGRP config mode and cause DUAL to recalculate the topo table and send out an update?
Because if that happens I will get loops to critical servers and that won;t jive.
So I think lesson learned here is use a named ACL for potentially dynamic ACL's????????
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
Comments
-
cisco_trooper
Member Posts: 1,441 ■■■■□□□□□□
Netstudent wrote:I have a distribute list in router config mode for EIGRP. This list basically blocks some static routes from being redistributed into eigrp and causing loops.
Now I have to change the access-list that the distribute-list calls to define what to block. I need to add an entry.
My question is, if I clear out this access-list to modify it, is that going to simultaneously kill my distribute-list in EIGRP config mode and cause DUAL to recalculate the topo table and send out an update?
Because if that happens I will get loops to critical servers and that won;t jive.
So I think lesson learned here is use a named ACL for potentially dynamic ACL's????????
ACLs take effect immediately. Perhaps create a new ACL and modify your distribute-list to use the new ACL when you have it ready.... This way you can immediately return to the old ACL if you screw something up. I would recommend scheduling downtime for this if possible. -
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
Depending on the IOS version you can edit a numbered ACL just like a named ACL.
(config)# ip access-list standard 10
(config-std-nacl)#
Then you can use the "no <sequence number>" command to drop the entries you don't wantThe only easy day was yesterday! -
cisco_trooper
Member Posts: 1,441 ■■■■□□□□□□
dtlokee wrote:Depending on the IOS version you can edit a numbered ACL just like a named ACL.
(config)# ip access-list standard 10
(config-std-nacl)#
Then you can use the "no <sequence number>" command to drop the entries you don't want
Hah. That's sweet. I didn't know you could do that. As always, DT has the answers.... -
Netstudent
Member Posts: 1,693 ■■■□□□□□□□
Hey that worked like a charm. No interruptions at all. Thanks. I'll have to jot that one down in my mental notes.There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!