Newbie question re editing ACLs

Hi,

I need to modify an existing ACL. It has 21 lines, numbered in tens, 10 to 210. I want to add some lines after line 30. How can I do this without deleting the entire access-list and re-creating it?

Thanks,

SW

Reply to
S W

Hello,

first of all, sequence numbering works only with named access lists. Have a look at this document, it describes the procedure to add lines in a named access list:

IP Access List Entry Sequence Numbering

HTH,

Naz

Reply to
nazgulero
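
Added example, not part of the original thread or of the Cisco document it mentions: inserting entries after line 30 of a named extended ACL by sequence number, then renumbering. The ACL name EDGE-IN and all addresses are placeholders made up for illustration.

```cisco
! Constructed example: EDGE-IN and the addresses below are placeholders.
Router# show ip access-lists EDGE-IN
Router# configure terminal
Router(config)# ip access-list extended EDGE-IN
! Any sequence number from 31 to 39 sorts between existing lines 30 and 40.
Router(config-ext-nacl)# 33 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 22
Router(config-ext-nacl)# 36 deny tcp any host 192.0.2.10 eq 22 log
! A single entry can be removed by its number without touching the rest.
Router(config-ext-nacl)# no 36
Router(config-ext-nacl)# exit
! Renumber from 10 in steps of 10 so later inserts have room again.
Router(config)# ip access-list resequence EDGE-IN 10 10
Router(config)# end
! Confirm the order before relying on it: the first matching entry wins.
Router# show ip access-lists EDGE-IN
```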


Be very careful of access lists.

ACL = All CPU lost [Made that up on the fly]

We used to use them, but they kill the router under any kind of load. If you can mostly avoid them by using a firewall, it is a good idea.

i.e. let the router route and the firewall firewall.

Gary

Reply to
Gary

Unless you're running an ISP backbone, the overhead of ACLs should be negligible. Outbound ACLs have been fast-switched for about 15 years, and inbound ACLs are fast-switched since at least IOS 11.x.

Reply to
Barry Margolin

A possibly related newbie question... When the dialer (interesting or not) access-list in my 804 grew to 58 lines, I suddenly (and repeatably) got the following errors trying to enter it:

-----
Sep 18 19:30:05.212 pdt: %SYS-2-MALLOCFAIL: Memory allocation of 264 bytes failed from 0x1BBF3C, alignment 4
Pool: iomem Free: 0 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Pool Manager", ipl= 0, pid= 5
-Traceback= 19995C 19AC78 1BBF40 1A59BC 1A5BD0 31C4C

Sep 18 19:30:35.221 pdt: %SYS-2-MALLOCFAIL: Memory allocation of 1684 bytes failed from 0x1BBF3C, alignment 4
Pool: iomem Free: 0 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Virtual Exec", ipl= 0, pid= 22
-Traceback= 19995C 19AC78 1BBF40 1BC360 1BC8A8 397430 39DDA0 39DF90 3A54DC 3A609C 3A2320 124E64 125038 130C04 130B08 12EB84
-----

I've seen people on the web talk about having configs with thousands of lines. Is an 804 so much more memory limited than a bigger router? I didn't bother exploring further, just eliminated some obsolete lines... No detectable change in speed, but then with only ISDN to feed it, I'm not surprised.

Loren

Reply to
Loren Amelang
