if you are using a plaform that supports the "config replace" feature, you could choose to build your new ACL off-line then do a replace of the partial config with the new ACL... :)
cheers .siva On Thu, 31 May 2007, Gert Doering wrote: > Hi, > > On Wed, May 30, 2007 at 01:33:21PM -0700, Kevin Graham wrote: >> If you are wiping them out, you should always remove them to be safe >> (even if weren't default-deny behavior when missing, there is an >> unavoidable window between creation and completion). > > Just to correct this small bit: default in IOS for packet ACLs is > "default-permit" *if the ACL is completely missing*. > > But usually you're dead in the water as soon as you copy-and-paste a > new version of the ACL and the first line gets active, prohibiting any > further lines to go through... > > gert > > -- > USENET is *not* the non-clickable part of WWW! > //www.muc.de/~gert/ > Gert Doering - Munich, Germany [EMAIL PROTECTED] > fax: +49-89-35655025 [EMAIL PROTECTED] > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
