I'd like to know about the difference between access-list and ip access-list.

Discussion in 'Cisco' started by PS2 gamer, Jun 8, 2004.

  1. PS2 gamer

    PS2 gamer Guest

    Hi.
    I'd like to know the difference between access-list and ip access-list.
    The configuration is much the same, but I can't understand the difference
    between them.
    What is the major difference?
    Please, let me show the sample config
    I'm waiting for the answer.
    Please answer me as quickly as possible
    PS2 gamer, Jun 8, 2004
    #1

  2. PS2 gamer

    Hansang Bae Guest

    In article <ca3aoq$91f$>, says...
    > Hi.
    > I'd like to know the difference between access-list and ip access-list.
    > The configuration is much the same, but I can't understand the difference
    > between them.
    > What is the major difference?
    > Please, let me show the sample config
    > I'm waiting for the answer.
    > Please answer me as quickly as possible


    The former is limited to using numbers, i.e. access-list 10 permit
    blah. The latter allows you to use a named ACL, i.e. 'ip access-list
    extended MYACL'


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Jun 8, 2004
    #2

  3. PS2 gamer

    AnyBody43 Guest

    Hansang Bae <> wrote in message news:<>...
    > In article <ca3aoq$91f$>, says...
    > > Hi.
    > > I'd like to know the difference between access-list and ip access-list.
    > > The configuration is much the same, but I can't understand the difference
    > > between them.
    > > What is the major difference?
    > > Please, let me show the sample config
    > > I'm waiting for the answer.
    > > Please answer me as quickly as possible

    >
    > The former is limited to using numbers, i.e. access-list 10 permit
    > blah. The latter allows you to use a named ACL, i.e. 'ip access-list
    > extended MYACL'


    IIRC the ip access-l version also allows access list editing by
    the use of sequence numbers. VERY handy.

    ip access-list 150
    no 30

    deletes sequence number 30 and leaves the rest untouched.

    Similarly you can insert into access lists too.

    Caveat, test this out of production. Don't blame me if the
    whole access list disappears.
    AnyBody43, Jun 8, 2004
    #3
  4. PS2 gamer

    Hansang Bae Guest

    In article <>, anybody43@hotmail.com says...
    > IIRC the ip access-l version also allows access list editing by
    > the use of sequence numbers. VERY handy.
    >
    > ip access-list 150
    > no 30
    >
    > deletes sequence number 30 and leaves the rest untouched.
    >
    > Similarly you can insert into access lists too.
    >
    > Caveat, test this out of production. Don't blame me if the
    > whole access list disappears.


    You can delete individual entries, but I don't think you can specify the
    number. I.e

    ip access-list extended Foobar
    permit gre any any
    deny gre host 1.1.1.1 host 22.2.2.2
    !
    then

    ip access-list extended Foobar
    no permit gre any any

    Will only leave "deny gre host 1.1.1.1 host 22.2.2.2" in the ACL.



    --

    hsb

    Hansang Bae, Jun 8, 2004
    #4
  5. On Tue, 08 Jun 2004 16:50:20 GMT, Hansang Bae <> wrote:

    >In article <>, anybody43@hotmail.com says...
    >> IIRC the ip access-l version also allows access list editing by
    >> the use of sequence numbers. VERY handy.
    >>
    >> ip access-list 150
    >> no 30
    >>
    >> deletes sequence number 30 and leaves the rest untouched.
    >>
    >> Similarly you can insert into access lists too.
    >>
    >> Caveat, test this out of production. Don't blame me if the
    >> whole access list disappears.

    >
    >You can delete individual entries, but I don't think you can specify the
    >number. I.e


    Bleeding-edge stuff:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.html

    -Terry
    Terry Baranski, Jun 9, 2004
    #5
  6. PS2 gamer

    AnyBody43 Guest

    Terry Baranski <0VE.com> wrote
    > On Tue, 08 Jun 2004 16:50:20 GMT, Hansang Bae <> wrote:
    > > says...
    > >> IIRC the ip access-l version also allows access list editing by
    > >> the use of sequence numbers. VERY handy.
    > >> ip access-list 150
    > >> no 30
    > >> deletes sequence number 30 and leaves the rest untouched.
    > >>
    > >> Similarly you can insert into access lists too.
    > >>
    > >> Caveat, test this out of production. Don't blame me if the
    > >> whole access list disappears.

    > >
    > >You can delete individual entries, but I don't think you can specify the
    > >number. I.e

    >
    > Bleeding-edge stuff:
    > http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.html


    Bleeding indeed, I don't choose the software releases we use, the
    policy being to install the latest available software on everything.
    It does offer an exciting life.

    Thanks for the link, it does not though describe behaviour that I have
    seen. It looks as if details may vary from release to release.

    Doc says:
    "This feature does not support old-style numbered access lists,
    which existed before named access lists. Keep in mind that you
    can name an access list with a number, so numbers are allowed
    when they are entered in the standard or extended named access
    list (NACL) configuration mode."

    Here is a numbered access list that was edited using the new stuff.


    Router#
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.

    Router(config)#access-l 100 permit ip host 1.1.1.1 any
    Router(config)#access-l 100 permit ip host 1.1.1.2 any
    Router(config)#^Z


    Router#
    Router#sh run

    <..snip..>

    no ip http secure-server
    !
    access-list 100 permit ip host 1.1.1.1 any
    access-list 100 permit ip host 1.1.1.2 any
    !
    line con 0
    no modem enable
    <..snip..>

    Router#sh access-l
    Extended IP access list 100
    10 permit ip host 1.1.1.1 any
    20 permit ip host 1.1.1.2 any
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.

    Router(config)#ip access-l ext 100
    Router(config-ext-nacl)#no 10
    Router(config-ext-nacl)#^Z
    Router#sh access-l
    Extended IP access list 100
    20 permit ip host 1.1.1.2 any
    Router#
    Router#
    Router#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) C831 Software (C831-K9O3Y6-M), Version 12.3(2)XC, EARLY
    DEPLOYMENT RELEASE SOFTWARE (fc1)
    Synched to technology version 12.3(1.6)T
    AnyBody43, Jun 9, 2004
    #6
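An added example, not part of any post in this thread: a Python check that compares `show access-lists` output captured before and after a sequence-number deletion such as `no 10`, and reports anything other than the one intended entry changing, including the case the caveat above warns about where the whole list disappears. The function names are hypothetical; the sample output is taken from the router session in post #6 (indentation added), plus one constructed empty capture.

```python
import re

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
ENTRY = re.compile(r"^(\d+)\s+((?:permit|deny)\b.*)$")

def parse_show_access_lists(text):
    """Parse 'show access-lists' output into {acl_name: {sequence: rule}}."""
    acls, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(2), {})
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            # Drop the trailing hit counter, e.g. "(12 matches)".
            rule = re.sub(r"\s*\(\d+ match(es)?\)$", "", entry.group(2))
            current[int(entry.group(1))] = rule
    return acls

def verify_removal(before, after, acl, seq):
    """Return a list of problems; empty means only entry `seq` was removed."""
    old = parse_show_access_lists(before).get(acl)
    new = parse_show_access_lists(after).get(acl)
    if old is None or seq not in old:
        return [f"ACL {acl} had no entry {seq} before the change"]
    if new is None:
        return [f"ACL {acl} is gone after the change"]
    expected = {s: r for s, r in old.items() if s != seq}
    problems = []
    for s in sorted(set(expected) | set(new)):
        if expected.get(s) != new.get(s):
            problems.append(
                f"entry {s}: expected {expected.get(s)!r}, found {new.get(s)!r}")
    return problems

# Output copied from the router session in post #6.
BEFORE = """Extended IP access list 100
    10 permit ip host 1.1.1.1 any
    20 permit ip host 1.1.1.2 any"""
AFTER = """Extended IP access list 100
    20 permit ip host 1.1.1.2 any"""
# Constructed failure case: the router no longer lists the ACL at all.
AFTER_EMPTY = ""

if __name__ == "__main__":
    print(verify_removal(BEFORE, AFTER, "100", 10) or "OK: only entry 10 removed")
    print(verify_removal(BEFORE, AFTER_EMPTY, "100", 10))
```
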
  7. PS2 gamer

    Hansang Bae Guest

    In article <>,
    0VE.com says...
    > Bleeding-edge stuff:
    > http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a60.html


    I was looking for some other information yesterday and ran across this
    link. We're always behind in deploying the IOS so I never get to see
    the bleeding edge stuff. It seems like I'm constantly battling IOS bugs
    these days so as a policy, we're a few rev's behind.

    --

    hsb

    Hansang Bae, Jun 9, 2004
    #7