I'd like to know about the difference between access-list and ip access-list.

 
 
PS2 gamer
      06-08-2004
Hi.
I'd like to know the difference between access-list and ip access-list.
The configuration is much the same, but I can't understand the difference
between them.
What is the major difference?
Please, let me show the sample config.
I'm waiting for the answer.
Please answer me as quickly as possible.



 
Hansang Bae
      06-08-2004
In article <ca3aoq$91f$(E-Mail Removed)>, (E-Mail Removed) says...
> Hi.
> I'd like to know that the difference of access-list and ip access-list.
> configure is much the same, but I can't understand the difference about
> those.
> what is the major difference?...
> Please, Let me show the sample config
> I'm waiting for the answer..
> Please, answer me as quickly as possible


The former is limited to using numbers, i.e. access-list 10 permit
blah. The latter allows you to use a named ACL, i.e. 'ip access-list
extended MYACL'.


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
********************************************************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************
 
AnyBody43
      06-08-2004
Hansang Bae <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> In article <ca3aoq$91f$(E-Mail Removed)>, (E-Mail Removed) says...
> > Hi.
> > I'd like to know that the difference of access-list and ip access-list.
> > configure is much the same, but I can't understand the difference about
> > those.
> > what is the major difference?...
> > Please, Let me show the sample config
> > I'm waiting for the answer..
> > Please, answer me as quickly as possible

>
> The former is limited to using numbers. I.e. access-list 10 permit
> blah. The latter allows you to use named ACL. ie 'ip access-list
> extended MYACL'


IIRC the ip access-l version also allows access list editing by
the use of sequence numbers. VERY handy.

ip access-list extended 150
 no 30

deletes sequence number 30 and leaves the rest untouched.

Similarly you can insert into access lists too.

Caveat, test this out of production. Don't blame me if the
whole access list disappears.
 
Hansang Bae
      06-08-2004
In article <(E-Mail Removed)>, anybody43@hotmail.com says...
> IIRC the ip access-l version also allows access list editing by
> the use of sequence numbers. VERY handy.
>
> ip access-list 150
> no 30
>
> deletes sequence number 30 and leaves the rest untouched.
>
> Similarly you can insert into access lists too.
>
> Caveat, test this out of production. Don't blame me if the
> whole access list disappears.


You can delete individual entries, but I don't think you can specify the
number. I.e.

ip access-list extended Foobar
 permit gre any any
 deny gre host 1.1.1.1 host 22.2.2.2
!

then

ip access-list extended Foobar
 no permit gre any any

will only leave "deny gre host 1.1.1.1 host 22.2.2.2" in the ACL.



--

hsb

 
Terry Baranski
      06-09-2004
On Tue, 08 Jun 2004 16:50:20 GMT, Hansang Bae <(E-Mail Removed)> wrote:

>In article <(E-Mail Removed)>, anybody43@hotmail.com says...
>> IIRC the ip access-l version also allows access list editing by
>> the use of sequence numbers. VERY handy.
>>
>> ip access-list 150
>> no 30
>>
>> deletes sequence number 30 and leaves the rest untouched.
>>
>> Similarly you can insert into access lists too.
>>
>> Caveat, test this out of production. Don't blame me if the
>> whole access list disappears.

>
>You can delete individual entries, but I don't think you can specify the
>number. I.e


Bleeding-edge stuff:
http://www.cisco.com/en/US/products/...080134a60.html

-Terry
 
 
AnyBody43
      06-09-2004
Terry Baranski <(E-Mail Removed)0VE.com> wrote
> On Tue, 08 Jun 2004 16:50:20 GMT, Hansang Bae <(E-Mail Removed)> wrote:
> >(E-Mail Removed) says...
> >> IIRC the ip access-l version also allows access list editing by
> >> the use of sequence numbers. VERY handy.
> >> ip access-list 150
> >> no 30
> >> deletes sequence number 30 and leaves the rest untouched.
> >>
> >> Similarly you can insert into access lists too.
> >>
> >> Caveat, test this out of production. Don't blame me if the
> >> whole access list disappears.

> >
> >You can delete individual entries, but I don't think you can specify the
> >number. I.e

>
> Bleeding-edge stuff:
> http://www.cisco.com/en/US/products/...080134a60.html


Bleeding indeed, I don't choose the software releases we use, the
policy being to install the latest available software on everything.
It does offer an exciting life.

Thanks for the link, it does not though describe behaviour that I have
seen. It looks as if details may vary from release to release.

Doc says:
"This feature does not support old-style numbered access lists,
which existed before named access lists. Keep in mind that you
can name an access list with a number, so numbers are allowed
when they are entered in the standard or extended named access
list (NACL) configuration mode."

Here is a numbered access list that was edited using the new stuff.


Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#access-l 100 permit ip host 1.1.1.1 any
Router(config)#access-l 100 permit ip host 1.1.1.2 any
Router(config)#^Z


Router#
Router#sh run

<..snip..>

no ip http secure-server
!
access-list 100 permit ip host 1.1.1.1 any
access-list 100 permit ip host 1.1.1.2 any
!
line con 0
 no modem enable
<..snip..>

Router#sh access-l
Extended IP access list 100
    10 permit ip host 1.1.1.1 any
    20 permit ip host 1.1.1.2 any
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#ip access-l ext 100
Router(config-ext-nacl)#no 10
Router(config-ext-nacl)#^Z
Router#sh access-l
Extended IP access list 100
    20 permit ip host 1.1.1.2 any
Router#
Router#
Router#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C831 Software (C831-K9O3Y6-M), Version 12.3(2)XC, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.3(1.6)T
 
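An offline model of the edits shown in the posts above, added here as an example and not code from any poster or from Cisco: it numbers old-style `access-list` lines the way `show access-lists` displays them in the session (10, 20, ...) and previews named-mode edits by sequence number or by rule text before they are typed on a router. The function names, the errors raised for an unknown or duplicate sequence number, and the sample input are assumptions of this example.

```python
import re

def acl_kind(number):
    """IOS number ranges: standard 1-99/1300-1999, extended 100-199/2000-2699."""
    n = int(number)
    if 1 <= n <= 99 or 1300 <= n <= 1999:
        return "standard"
    if 100 <= n <= 199 or 2000 <= n <= 2699:
        return "extended"
    raise ValueError(f"{number} is not an IP ACL number")

def load_numbered(config_text):
    """Map each numbered ACL to {sequence: rule}, numbering entries 10, 20, ..."""
    acls = {}
    for line in config_text.splitlines():
        m = re.match(r"\s*access-list\s+(\d+)\s+(.+?)\s*$", line)
        if m and not m.group(2).startswith("remark"):
            entries = acls.setdefault(m.group(1), {})
            entries[10 * (len(entries) + 1)] = m.group(2)
    return acls

def apply_nacl_edits(entries, commands):
    """Preview named-mode sub-commands on a copy; the input is left untouched."""
    result = dict(entries)
    for cmd in commands:
        words = cmd.split()
        if words[0] == "no" and len(words) == 2 and words[1].isdigit():
            del result[int(words[1])]          # 'no 10'; KeyError if absent (model choice)
        elif words[0] == "no":                 # 'no permit gre any any'
            rule = " ".join(words[1:])
            seq = next(s for s, r in result.items() if r == rule)
            del result[seq]
        elif words[0].isdigit():               # '15 deny ...' inserts at sequence 15
            if int(words[0]) in result:
                raise ValueError(f"duplicate sequence number {words[0]}")
            result[int(words[0])] = " ".join(words[1:])
        else:                                  # no sequence given: append at last + 10
            result[max(result, default=0) + 10] = " ".join(words)
    return dict(sorted(result.items()))

def render(number, entries):
    """Emit the list in named-mode syntax with explicit sequence numbers."""
    head = f"ip access-list {acl_kind(number)} {number}"
    return "\n".join([head] + [f" {seq} {rule}" for seq, rule in entries.items()])

# Constructed sample, matching the two entries entered in the session above.
SAMPLE = """access-list 100 permit ip host 1.1.1.1 any
access-list 100 permit ip host 1.1.1.2 any
"""

if __name__ == "__main__":
    acl = load_numbered(SAMPLE)["100"]
    print(render("100", apply_nacl_edits(acl, ["no 10"])))
```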
 
Hansang Bae
      06-09-2004
In article <(E-Mail Removed)>, (E-Mail Removed)0VE.com says...
> Bleeding-edge stuff:
> http://www.cisco.com/en/US/products/...oducts_feature
> _guide09186a0080134a60.html


I was looking for some other information yesterday and ran across this
link. We're always behind in deploying the IOS so I never get to see
the bleeding edge stuff. It seems like I'm constantly battling IOS bugs
these days so as a policy, we're a few rev's behind.

--

hsb
