Gert Doering wrote: > Hi, > > On Wed, May 30, 2007 at 01:33:21PM -0700, Kevin Graham wrote: >> If you are wiping them out, you should always remove them to be safe >> (even if weren't default-deny behavior when missing, there is an >> unavoidable window between creation and completion). > > Just to correct this small bit: default in IOS for packet ACLs is > "default-permit" *if the ACL is completely missing*. > > But usually you're dead in the water as soon as you copy-and-paste a > new version of the ACL and the first line gets active, prohibiting any > further lines to go through...
At least on the 6500 platforms, I believe the defined behaviour for named ACLs is that the changes are only applied once you exit the sub-mode? ...which makes it a particular shame that the commands: no all abort ...don't exist in that sub-mode. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
