Hi,
I need to modify an existing ACL. It has 21 lines, numbered in tens, 10 to
210. I want to add some lines after line 30. How can I do this without deleting the entire access-list and re-creating it? Thanks,
SW
Hello,
first of all, sequence numbering works only with named access lists. Have a look at this document, it describes the procedure to add lines in a named access list:
IP Access List Entry Sequence Numbering
Naz
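The procedure the reply above points to, shown as an added example that is not part of the original post or of the linked Cisco document. The ACL name EDGE-IN, every address and the abbreviated entry list are constructed for illustration, and an IOS release that supports ACL entry sequence numbering is assumed.

```cisco
! Constructed example: EDGE-IN and all addresses below are hypothetical.
! Only the first and last entries of the 21-line list are shown.
Router# show ip access-lists EDGE-IN
Extended IP access list EDGE-IN
    10 permit tcp any host 192.0.2.10 eq 443
    20 permit tcp any host 192.0.2.10 eq www
    30 permit udp any host 192.0.2.53 eq domain
    40 permit tcp any host 192.0.2.25 eq smtp
    210 deny ip any any log

! Enter named-ACL configuration mode and give each new entry a sequence
! number that falls between the existing entries 30 and 40.
Router# configure terminal
Router(config)# ip access-list extended EDGE-IN
Router(config-ext-nacl)# 32 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.25 eq 587
Router(config-ext-nacl)# 34 deny tcp any host 192.0.2.25 eq 587 log
Router(config-ext-nacl)# end

! Verify that the new entries sit where intended before relying on them.
Router# show ip access-lists EDGE-IN
Extended IP access list EDGE-IN
    10 permit tcp any host 192.0.2.10 eq 443
    20 permit tcp any host 192.0.2.10 eq www
    30 permit udp any host 192.0.2.53 eq domain
    32 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.25 eq 587
    34 deny tcp any host 192.0.2.25 eq 587 log
    40 permit tcp any host 192.0.2.25 eq smtp
    210 deny ip any any log

! Optional: renumber from 10 in steps of 10 to reopen gaps for later edits.
Router# configure terminal
Router(config)# ip access-list resequence EDGE-IN 10 10
Router(config)# end
```

Entries are evaluated top-down and the first match wins, so the position chosen for an inserted line decides whether it takes effect ahead of broader entries further down. The sequence numbers are not stored in the saved configuration; after a reload the entries keep their order but are renumbered from the default start and increment.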
Be very careful of access lists
ACL = All CPU lost [Made that up on the fly]
We used to use them, but they kill the router under any kind of load. If you can mostly avoid them by using a firewall, it is a good idea.
i.e. let the router route and the firewall firewall.
Gary
Unless you're running an ISP backbone, the overhead of ACLs should be negligible. Outbound ACLs have been fast-switched for about 15 years, and inbound ACLs are fast-switched since at least IOS 11.x.
A possibly related newbie question... When the dialer (interesting or not) access-list in my 804 grew to 58 lines, I suddenly (and repeatably) got the following errors trying to enter it:
----- Sep 18 19:30:05.212 pdt: %SYS-2-MALLOCFAIL: Memory allocation of 264 bytes failed from 0x1BBF3C, alignment 4 Pool: iomem Free: 0 Cause: Not enough free memory Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Pool Manager", ipl= 0, pid= 5
-Traceback= 19995C 19AC78 1BBF40 1A59BC 1A5BD0 31C4C
Sep 18 19:30:35.221 pdt: %SYS-2-MALLOCFAIL: Memory allocation of 1684 bytes failed from 0x1BBF3C, alignment 4 Pool: iomem Free: 0 Cause: Not enough free memory Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Virtual Exec", ipl= 0, pid= 22
-Traceback= 19995C 19AC78 1BBF40 1BC360 1BC8A8 397430 39DDA0 39DF90
3A54DC 3A609C 3A2320 124E64 125038 130C04 130B08 12EB84-----
I've seen people on the web talk about having configs with thousands of lines. Is an 804 so much more memory limited than a bigger router? I didn't bother exploring further, just eliminated some obsolete lines... No detectable change in speed, but then with only ISDN to feed it, I'm not surprised.
Loren