Named ACL and ACE numbering

I created a new extended named ACL and entered a few ACEs numbered 10,20,30,100,110,1000 to give them plenty of space apart. When I reload the switch, the numbering has disappeared and they are all spaced 10 apart. Why does this happen and is there a way to maintain larger spaces? I am thinking that in time I may come to make many modifications to the ACL and the gap between two entries may reduce to nothing. I am not going to reload my switch just to reset the gaps and I would rather not remove the ACL completely and replace it to achieve the same.
thanks for any advice
Chris

The ACL is stored in RAM initially. When you display your access-list, for instance, you see the sequence numbers. When you display your running configuration you don't see them.
Are you using ip access-list or the traditional access-list?
ip access-list extended Popey
10 permit ip host 10.10.10.10 any
100 permit ip 10.10.20.0 0.0.0.255 any
1000 deny ip any any

Similar Messages

  • ACL and sequence numbers

    I had the first two lines in the access list and all was well, I then added the 3rd. From what I need to put the 3rd entry (deny host 10.1.30.51) after the second entry and before the permit any. Even though I created sequence numbers in order of the 3 entries (10,20,30) the sequence numbers didn't put them in order and they don't even show up in the show run. What went wrong? How is it possible to edit an ACL without sequence numbers also?
    Cause if I had:
    10 deny x.x.x.x
    20 deny x.x.x.x
    30 permit any
    Then I could add say 15 deny x.x.x.x, but now I can't and I don't even know what happened to the sequence numbers when I created them.
    Thanks.
    Standard IP access list 1
        deny host 10.1.30.50 (4 match(es))
        permit any (8 match(es))
        deny host 10.1.30.51
    Router#

    Hi Milan,
    Sequence numbers are indeed not supported if you define a numbered access list. With both standard and extended numbered ACLs, however, it is possible to do a trick: if you refer to them as named ACLs (use their number as their name), you actually are able to use the sequence numbers.
    For example:
    R1(config)# do show run | i access-list
    access-list 1 deny   192.0.2.1
    access-list 1 permit any
    access-list 100 deny   ip host 192.0.2.1 any
    access-list 100 permit ip any any
    R1(config)# do show ip access-l
    Standard IP access list 1
        10 deny   192.0.2.1
        20 permit any
    Extended IP access list 100
        10 deny ip host 192.0.2.1 any
        20 permit ip any any
    R1(config)# ip access-list standard 1
    R1(config-std-nacl)# 15 deny 192.0.2.15
    R1(config-std-nacl)# exit
    R1(config)# do show access-list
    Standard IP access list 1
        10 deny   192.0.2.1
        15 deny   192.0.2.15
        20 permit any
    Extended IP access list 100
        10 deny ip host 192.0.2.1 any
        20 permit ip any any
    R1(config)# ip access-list extended 100
    R1(config-ext-nacl)# 15 deny ip host 192.0.2.15 any
    R1(config-ext-nacl)# exit
    R1(config)# do show access-l
    Standard IP access list 1
        10 deny   192.0.2.1
        15 deny   192.0.2.15
        20 permit any
    Extended IP access list 100
        10 deny ip host 192.0.2.1 any
        15 deny ip host 192.0.2.15 any
        20 permit ip any any
    The router is even smart enough to disallow to refer to a named ACL whose name is a number of the opposite type than stated on the command line:
    R1(config)# ip access-list standard 101
    % % Invalid access list name.
    R1(config)# ip access-list extended 2
    % % Invalid access list name.
    What Collin may have in mind, though, is that host entries in standard ACLs are reorganized to a different order than entered:
    R1(config)# ip access-list standard Test
    R1(config-std-nacl)# permit 10.0.0.1
    R1(config-std-nacl)# deny 10.0.0.2
    R1(config-std-nacl)# permit 10.0.0.3
    R1(config-std-nacl)# deny 10.0.0.4
    R1(config-std-nacl)# permit 10.0.0.5
    R1(config-std-nacl)# deny 10.0.0.6
    R1(config-std-nacl)# permit 10.0.0.7
    R1(config-std-nacl)# deny 10.0.0.8
    R1(config-std-nacl)# permit any
    R1(config-std-nacl)#exit
    R1(config)# do show access-list Test
    Standard IP access list Test
        80 deny   10.0.0.8
        20 deny   10.0.0.2
        30 permit 10.0.0.3
        10 permit 10.0.0.1
        60 deny   10.0.0.6
        70 permit 10.0.0.7
        40 deny   10.0.0.4
        50 permit 10.0.0.5
        90 permit any
    R1(config)# do show run | section Test
    ip access-list standard Test
     deny   10.0.0.8
     deny   10.0.0.2
     permit 10.0.0.3
     permit 10.0.0.1
     deny   10.0.0.6
     permit 10.0.0.7
     deny   10.0.0.4
     permit 10.0.0.5
     permit any
    This reordering happens only with standard ACLs and is a result of indexing the host entries in the ACL into a hash table (the hash function being XOR of individual octets of the IP address in the host entry) for faster access. When printing out the ACL, first the host items are printed out in the order they are stored in the hashing table, and only then the remaining entries that use wildcards. Wildcard entries are not reordered.
    The funny thing is that the ACL is actually even stored in the configuration in the reordered form, and thus evaluated in a reordered form, which can be confusing. However, you may have noticed that the router will prohibit you from entering a host ACL after entering a wildcard ACL that also matches the IP address in a wildcard entry:
    R1(config)# ip access-list standard Test2
    R1(config-std-nacl)# permit 10.0.1.0 0.0.0.255
    R1(config-std-nacl)# deny 10.0.1.1
    % Access rule can't be configured at higher sequence num as it is part of the existing rule at sequence num 10
    R1(config-std-nacl)#
    Why is this? Obviously, a host entry can either select the same action for a packet that would be taken by a more general wildcard entry (in which case it is not necessary for the host entry to be entered at all), or it can override the action that would be chosen by a more general wildcard entry. In this second case, it is necessary for this host entry to be placed in the ACL first, otherwise it would never be reached. Ordering of host entries themselves can be arbitrary, as they do not influence each other. This leads us to a general logic in standard ACLs - it is required to put all host entries first, and wildcard entries last. Now it is completely logical to visit all host entries first (indexed by a hash for rapid access), and then visit the wildcard entries.
    Quite a long post... sorry for that. Hopefully, we've resolved some of the doubts.
    Best regards,
    Peter
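
The two behaviours described in the answer above (host entries of a standard ACL listed in hash order, and a host entry refused when an earlier wildcard entry already covers it), modelled in Python together with an audit for entries that can never match. This is an added example, not code from the thread or from Cisco; the function names are hypothetical, ordering host entries by ascending XOR value is an assumption inferred from the `show access-list Test` output above, and the sequence numbers given to access list 1 are constructed.

```python
import ipaddress
from functools import reduce

MASK = 0xFFFFFFFF

# Entries of the "Test" ACL in the order they were typed in the thread.
TEST_ACL_LINES = ["permit 10.0.0.1", "deny 10.0.0.2", "permit 10.0.0.3",
                  "deny 10.0.0.4", "permit 10.0.0.5", "deny 10.0.0.6",
                  "permit 10.0.0.7", "deny 10.0.0.8", "permit any"]

def parse_ace(line, seq):
    """Parse a standard-ACL entry: 'deny 10.0.0.2', 'deny host 10.1.30.51',
    'permit 10.0.1.0 0.0.0.255' or 'permit any'."""
    action, *rest = line.split()
    if rest[:1] == ["host"]:
        rest = rest[1:]
    if action not in ("permit", "deny") or not rest:
        raise ValueError(f"not a standard ACE: {line!r}")
    if rest == ["any"]:
        addr, wild = 0, MASK
    else:
        addr = int(ipaddress.IPv4Address(rest[0]))
        wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
    return {"seq": seq, "action": action, "addr": addr, "wild": wild}

def covers(general, specific):
    """True if every address matched by `specific` is also matched by `general`."""
    care = ~general["wild"] & MASK  # bits that `general` actually compares
    return ((specific["wild"] & care) == 0
            and (general["addr"] & care) == (specific["addr"] & care))

def add_entry(acl, line, step=10):
    """Append an entry the way the CLI session does: a host entry already
    covered by an earlier wildcard entry is refused."""
    ace = parse_ace(line, acl[-1]["seq"] + step if acl else step)
    if ace["wild"] == 0:
        for earlier in acl:
            if earlier["wild"] and covers(earlier, ace):
                raise ValueError("part of the existing rule at sequence num "
                                 f"{earlier['seq']}")
    acl.append(ace)
    return acl

def octet_xor(addr):
    """Hash described in the answer: XOR of the four octets of the address."""
    return reduce(lambda a, b: a ^ b, addr.to_bytes(4, "big"))

def display_order(acl):
    """Host entries by hash value (assumed ascending), then wildcard entries
    in the order they were entered."""
    hosts = sorted((a for a in acl if a["wild"] == 0),
                   key=lambda a: octet_xor(a["addr"]))
    return hosts + [a for a in acl if a["wild"]]

def shadowed(ordered):
    """Audit an ACL in evaluation order: (seq, covering_seq) for every entry
    that an earlier entry already matches completely."""
    found = []
    for i, ace in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, ace):
                found.append((ace["seq"], earlier["seq"]))
                break
    return found

if __name__ == "__main__":
    acl = []
    for entry in TEST_ACL_LINES:
        add_entry(acl, entry)
    print([a["seq"] for a in display_order(acl)])
    # Access list 1 from the question, with constructed sequence numbers.
    legacy = [parse_ace(l, s) for s, l in ((10, "deny host 10.1.30.50"),
                                           (20, "permit any"),
                                           (30, "deny host 10.1.30.51"))]
    print(shadowed(legacy))
```
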

  • 3850 mobility - - named ACLS From ISE

    Hi all
    i'm middle in the test for 3850 MC- Downloadable ACLs,  i settle up at ISE and working good in 2960. But as you know
    when i use DACL with WLC(3850). ISE just send ACLs name and WLC get that ACLs name then ACLs working on.
    But i think ISE send a acls name but wlc not working... i already double check acls name..and.. what?
    So do you have any document for this? Step by Step. 
    thank you

    thank you salodh
    OK Not a downlodable ACLs in WLC, I want know is  ISE give a named ACLs to WLC and ACLs works in
    WLC for Wireless Client. am i clear?
    i configured ACLs of WLC at ISE and also made same acl in WLC but ACLS didn't work.

  • Named ACL issue

    Hi all
    ---R1------R2
    Both R1 and R2 run EIGRP. now there is the prefix 172.16.(1~255).0/24,and the summary prefix 172.16.0.0/16 coming into R1,
    Here has a problem: they require only can use "PERMIT" and named ACL at R1's interface which links to R2 to deny the prefix 172.16.10.0/24 into the R2.
    what shall i do?
    thanks advance!

    Hi Matthew,
    Could you please explain the task more clearly. I'm a little confused:
    The summary prefix 172.16.0.0/16 comes from R2-to-R1.
    I believe the task is to deny prefix 172.16.10.0/24 coming from R2-to-R1.
    Are there any other conditions?
    Can I remove and change the summarization on R2?
    Is there a limitation on the number of acl statements on R1?
    Cheers:
    Istvan

  • Does QPM 4.1 support Named ACLs

    Could anyone help with this, I downloaded a trial version of QPM and I am trying to import a QoS policy from our switches and it's failing as the ACLs used for classification on the switches are Named ACLs. Does QPM support Named ACLs or not?

    A lot of it stems from the large and complex nature of the models we employ. Hardly a week goes by that we don't grind to a halt due to a bug in jpox. That then leads to the thorny problem of trying to discuss the problem on the jpox forums, where there are basically only two members that know the product well enough to help... Net result, they are overwhelmed, and from one of them it comes across in the rudeness of replies. This puts people off, including us.
    I contrast this with the Hibernate and Spring communities, which I have personally been involved with and found to be both thriving and rewarding.
    A bit of QA and respectful support will be wonderful. We are happy to pay a company for that because of the man hours it saves. I sincerely hope that Kodo JDO works out for us.

  • I have four devices on one Apple ID, i have separate emails and phone numbers for each device but when I tried to add one to my iPod, it said that the email was already in use.

    I have four devices on one Apple ID, I have separate emails and phone numbers for each device but when I tried to add one to my iPod, it said that the email was already in use.  I have tried many things and the only guess I have is that either someone else has this email as their iMessage but is fake or it wasn't taken off my old iPod when I reset it.  Any ideas on what to do?

    Thanks but that doesn't give me the information I need.  I am putting an email on my iPod for people to contact me for iMessage and FaceTime but when I put the email in, it gives me an error saying that the email cannot be verified because it is already in use.  My Apple ID can be verified, just not the email that they will contact me with.

  • I see people from different ages at my work and every month I need to count how many people from each age I've seen that month. How can I do to give the entries to numbers in a single cell and make numbers count them for me?

    I see people from different ages at my work and every month I need to count how many people from each age I've seen that month. How can I do to give the entries to numbers in a single cell and make numbers count them for me? The final result would be a spreadsheet telling there were 8 people from 20 to 39 years old, 14 people from 40 to 59 and so on...

    jpqcampos wrote:
    This appears to be an 'input form' using 'Radio Buttons' to select the category. Neither of these features are supported in Numbers '09.
    You can input the data on one table and summarize it on a second table, but the input table will continue to hold data for each event.
    And by using the Reorganize button, you can hide all but two rows of that table to approximate the appearance and performance of an input form.
    Here are the two tables, Data on the left and Summary on the right. Notes below.
    The grey-filled columns in both tables are 'working' columns, and may be hidden (as shown in the image below).
    Data table:
    D1 contains the word "TRUE" (in capital letters). (This row is always shown.)
    D2 is empty, or may contain any value except "TRUE" (This row is always hidden under the Reorganize rule.) The rest of Row 2 of this table requires the data shown: a number outside the range to be counted (999), and two checkboxes, both checked.
    D3 (and filled down the rest of column D):   =AND(OR(B2,C2),NOT(OR(B3,C3)))
    The formula returns TRUE only for the first unused row in the table (ie. the first row for which neither checkbox has been checked)
    Summary table:
    Column A contains labels for the age ranges to be counted.
    Column B contains the same information in the form necessary for the formulas in columns C and D. They need a numeric value, and that value must be the largest acceptable value in the range to be counted.
    C2 (and filled right to column D, then both filled down to row 5):
        =COUNTIFS(Data :: $A,"<="&$B,Data :: B,TRUE)-SUM(C$1:C1)
    Two changes from the previous example:
    COUNTIFS is used to separate the Native and Foreign counts as well as the age range to be counted.
    The amount subtracted from each result is the SUM of the earlier results, and includes the text value in the first cell of the column (which is interpreted by SUM as a zero).
    See note below regarding my earlier formula.
    When the greyed columns are hidden and the checkbox in the Reorganize pane is checked, the two tables will appear as shown below:
    Close the reorganize pane, and the 'data entry form' is ready to use.
    To use, enter the age first, then check one of the boxes.
    As soon as one box is checked, the row will be hidden, and the next (unused) row will be shown.
    Regards,
    Barry
    Note regarding formula in my earlier post:
    The earlier formula will give erroneous results as it subtracts only the count directly above it from its count of persons in the age range 0-n.
    In E2 of that table, replace "-E1" with "-SUM(E1:E$1)"
    Fill down to E8.
    Ignore the instructions (in that post) following "Fill down to E8."
    B

  • I used the disc and track numbers, but it won't show on my iPod as separate CDs?

    Hi,
    I used the disc and track numbers of get info in iTunes, and I would like to have my CDs separate like if they are 3 CDs on my iPod Classic rather then having a big long list of songs, but after using the disc and track numbers, I still don't see on my iPod which one is CD1, and etc. I took a screenshot of my iTunes. How could I have my CDs separate just like the originals?
    http://imageshack.us/photo/my-images/341/89226837.jpg/
    That's the screenshot.

    See Corrupt iPod classic for tips if the iPod isn't working as expected and contains media that isn't in your active library.
    See Grouping tracks into albums for organizational tips.
    tt2

  • .How do I find out what Version (generation) of Ipod touch I have, as I want to know if I can download IOS 5 onto it? It was a gift so I only know the model and serial numbers but not the type

    Hi, can anyone help me out with this question?
    How can I find out which version of Ipod touch I have. I only have the model and serial numbers as it was a gift, but I would like to download IOS 5 if it is compatible?
    Very frustrated Ipod user, any advice would be much appreciated.
    Lynda.

    I had the same problem because there are so many iPod models.  There is a great article in Wikileaks that explains it all and also has pictures.  I'm confident this answer your question.

  • I have added a 5 songs from a single album and in Ipod it comes as enigma album and in that one song is available and another album named enigma and another song. IT happens for 5 songs also. How to make all the 5 songs in one album name Enigma

    I have added a 5 songs from a single album and in Ipod it comes as enigma album and in that one song is available and another album named enigma and another song. IT happens for 5 songs also. How to make all the 5 songs in one album name Enigma???

    I am working on a friend of mine's 15g ipod(W/dock connector)and I am having the same trouble except it does it to all the songs. I have tried reseting it multiple times, but to no avail.
    I am not sure that this runs on Windows XP, it is absolutely archaic (compared to my 5th gen. 30g video).
    Help?
    15g ipod (w/dock connector)   Windows XP  

  • How can I read the bootstrap files and extract the fragment-URLs and fragment-numbers in plain text?

    How can I read the bootstrap files of any HDS Live stream and extract the fragment-URLs and fragment-numbers in plain text?
    Could it be that it is some kind of compressed format in the bootstrap? Can I uncompress it with  f4fpackager.exe? Could not find any download for f4fpackager.exe. I would prefer less code to do so. Is there something in Java or JavaScript, that can extract the fragment-numbers?
    Thank you!

    Doesn't sound too hard to me. Your class User (the convention says to capitalize class names) will have an ArrayList or Vector in it to represent the queue, and a method to store a Packet object into the List. An array or ArrayList or Vector will hold the 10 user objects. You will find the right user object from packet.user_id and call the method.
    Please try to write some code yourself. You won't learn anything from having someone else write it for you. Look at sample code using ArrayList and Vector, there's plenty out there. Post in the forum again if your code turns out not to behave.

  • TS4213 Why can't iPhoto, Pages, Numbers, Keynote and iMovie access my iTunes Library files and Pages, Numbers, Keynote and iMovie access my iPhoto Library files now that I upgraded to '11?

    Why can't iPhoto, Pages, Numbers, Keynote and iMovie access my iTunes Library files and Pages, Numbers, Keynote and iMovie access my iPhoto Library files now that I upgraded to '11?
    Examples of what is going on:
    1. In Pages, Numbers & Keynote, when I go to the media browser the Audio section reads "Open iTunes to populate this list" even after iTunes has been opened, .xml file has been replaced/repaired, etc  AND Photo section reads "Open iPhoto to see photos from your iPhoto Library in this list" even after iPhoto Library has been replaced and new default library created.
    2. In iMovie, similar thing ... when I go to add photos or music to a movie the iTunes files aren't present and the iPhoto photos are missing with similar messages as in #1.
    3. In iPhoto, similar thing ... when I go to add music to a slideshow it says to "Open iTunes to populate this list".
    It is shocking to me that Apple would let something as simple as a pathway link to associated library files get this messed up on an upgrade, but what's even more surprising is that with the number of people who seem to be having this particular issue (and I can tell from all the research that I've done for weeks online that there are a lot of them) that there doesn't seem to be a single clear answer to fixing it anywhere on these community support forums.  Most of what I've seen is rehashed advice from outdated issues.  What I need is a simple answer to how do we get these programs to look for the correct location of the photo and music files because I sure can't seem to find any logical place to do that through the programs' preferences files or the system preferences window?
    Any help would be greatly appreciated.
    P.S. Here's the details on the software/hardware:
    MacBook Pro
    Mac OS X
    Version 10.7.5
    2.4 GHz Intel Core 2 Duo
    8 GB 1067 MHz DDR3
    iTunes 11.0.4 (4)
    iPhoto '11 9.4.3 (720.91)
    iMovie '11 9.0.9 (1795)
    Keynote '09 5.3 (1170)
    Pages '09 4.3 (1048)
    Numbers '09 2.3 (554)

    I have the same problem on a new MacBook Pro. I have not been able to access the iTunes library from iPhoto since I got this computer. I looked in the Preferences file and deleted the com.apple.iApps.plist but there was no com.apple.iApps.lockfile so I just deleted the iAPPs.plist and rebooted the computer.  Still no iTunes available in iPhoto.
    All my music is in iTunes and plays. After reading the above I brought up Pages and I was able to access music and insert a track into a document.
    Do you have any suggestions.

  • HT201304 I am trying to use an iTunes card and I keep getting an error and the numbers 5301. Any idea what can be wrong?

    I am trying to use an iTunes card and I keep getting an error and the numbers 5301. Any idea what can be wrong?

    AirPlay to Apple TV before you attempt Mirroring
    AirPlay Mirroring
    http://support.apple.com/kb/HT5209
    Trouble shooting AirPlay
    http://support.apple.com/kb/TS4215

  • Archiving Equipments and Serial Numbers

    Dear PM Experts,
    I have searched a lot for how to do archiving for equipments and serial numbers and I used SARA and maintained variant what so ever but at the end I got the job cancelled in the log, can anyone please tell me steps to do archiving for equipments and serial numbers in brief, I really appreciate all the great support here,
    Much Thanks in advance

    Hi,
    [Archiving Serial Numbers|http://help.sap.com/saphelp_46c/helpdata/en/38/d2a784d02411d395c500a0c93029cf/content.htm]
    [Useful Link|http://www.sapfans.com/forums/viewtopic.php?f=7&t=169672]
    I have not tried this (equipment with serial number).
    BADI_CCM_EQUI_ARC. This is Equipment Archiving BADI => Analyse this with your ABAPer.
    Regards,
    Maheswaran.

  • Need Suggestion to update existing EMP and ASG Numbers

    Hi All,
    Oracle E-Business Suite 11.5.10.2 version
    Live with HR,Payroll,GL,Payables,Purchasing, Receivables,Order Management
    Oracle DB 9i
    Legislation: US
    State mandates that no social security numbers should be
    electronically transmitted outside the system. Since we have
    Employee Number set as "Use National Identifier Number" in Business
    Group definition, both Employee number and Assignment Numbers are
    generated with National Identifiers. In most of the reports, alerts,
    data files we use Employee Number/Assignment Numbers and
    electronically transmit them to third parties.
    This is the reason why we want to change the existing Employee
    Numbers and Assignment Numbers to use Automatic Sequence numbers
    rather than National Identifiers.
    If anyone have done this earlier, could you please share your
    experience with me. What is the best practice/solution to approach
    it.
    Thanks,
    Sridhar

    Hi,
    Have you handled the case of modifying the existing users in your scheduled task or in OIM. How will the OIM know whether the user coming from flat file is an existing or a new one. If you have not, then first try to find the user and update it
    This is the plain GTC Flat File connector and I have not done any configuration in OIM to determine whether user is an existing user or a new user.This connector is able to create new user successfully .
    Please provide information about what are all the steps needed to configure for updating an existing user
    Regards,
    Madhu
