Re: [OSL | CCIE_Security] ACL's

Tue, 16 Feb 2010 07:02:28 -0800 

for numbered acls you can still use ip access-list. This has the unique 
ability to modify the acl without having to recreat the entire acl to 
delete a line
eg.

r1#show ip access-list
Standard IP access list 80
     20 permit 9.4.45.4
     10 permit 9.2.1.100

ip access-list standard 80
  no 20
  30 permit 9.1.1.1

r1(config-std-nacl)#do show ip access-list
Standard IP access list 80
     30 permit 9.1.1.1
     10 permit 9.2.1.100



Johan Bornman wrote:
> Thanks.
>
>
>
> -----Original Message-----
> From: Brandon Carroll [mailto:[email protected]]
> Sent: 12 February 2010 20:59
> To: Johan Bornman
> Cc: [email protected]
> Subject: Re: [OSL | CCIE_Security] ACL's
>
> ip access-list for named ACLs and access-list for numbered.  It used
> to be that some features wouldn't support named acls and others would.
>   Just look at the feature you are using it for and if it supports
> named then thats what I would use.  Also, when you reference named
> ACLs in various features then you can often configure the feature
> prior to the ACL creation.   In the end follow the direction of the
> task.  If it doesn't specify then its your call.
>
> Hope that helps.
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
> (R&S, Voice&  Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
> Security&  Service Provider) Certification Training with locations
> throughout the United States, Europe and Australia. Be sure to check
> out our online communities at www.ipexpert.com/communities and our
> public website at www.ipexpert.com.
>
>
>
>
> On Fri, Feb 12, 2010 at 10:37 AM, Johan Bornman<[email protected]>  wrote:
>    
>> Hi,
>>
>>
>>
>> When do I use "ip access-list" and when do I use access-list only?
>>
>>
>>
>> Johan
>>
>>
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>>
>>      
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
>    

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to