Newbie question re editing ACLs

Discussion in 'Cisco' started by S W, Nov 14, 2005.

  1. S W

    S W Guest

    Hi,

    I need to modify an existing ACL. It has 21 lines, numbered in tens, 10 to
    210.
    I want to add some lines after line 30. How can I do this without deleting
    the entire access-list and re-creating it?

    Thanks,

    SW
    S W, Nov 14, 2005
    #1

  2. S W

    nazgulero Guest

    nazgulero, Nov 14, 2005
    #2

  3. S W

    Gary Guest

    "nazgulero" <> wrote in message
    news:...
    > Hello,
    >
    > first of all, sequence numbering works only with named access lists.
    > Have a look at this document, it describes the procedure to add lines
    > in a named access list:
    >
    > IP Access List Entry Sequence Numbering
    >
    > http://www.cisco.com/univercd/cc/td.../122snwft/release/122s14/fsaclseq.htm#1040665
    >
    > HTH,
    >
    > Naz
    >

    Be very careful of access lists

    ACL = All CPU lost [ Made that up on the fly]

    We used to use them, but they kill the router under any kind of load. If you
    can mostly avoid them by using a firewall, it is a good idea.

    i.e., let the router route and the firewall firewall.

    Gary
    Gary, Nov 15, 2005
    #3
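
Added example, not part of any post in this thread: the procedure nazgulero's reply points to, inserting entries between sequence numbers 30 and 40 of a named access list and then renumbering it. The list name EXAMPLE-ACL, the addresses and the entries are constructed placeholders, not the original poster's configuration.

```cisco
! Constructed example: EXAMPLE-ACL and the 192.0.2.0/24 entries are
! placeholders standing in for the poster's real list.

! 1. Look at the current entries and their sequence numbers.
Router# show ip access-lists EXAMPLE-ACL

! 2. Enter the named ACL and give each new entry a sequence number
!    that falls between the existing lines 30 and 40.
Router# configure terminal
Router(config)# ip access-list extended EXAMPLE-ACL
Router(config-ext-nacl)# 32 permit tcp 192.0.2.0 0.0.0.255 any eq smtp
Router(config-ext-nacl)# 35 permit tcp 192.0.2.0 0.0.0.255 any eq 22
Router(config-ext-nacl)# exit

! 3. Optional: renumber the list so it starts at 10 and steps by 10
!    again, leaving room for later insertions.
Router(config)# ip access-list resequence EXAMPLE-ACL 10 10
Router(config)# end

! 4. Confirm the new entries sit where intended. Entries are evaluated
!    top-down and the first match wins, so a permit placed after a
!    broader deny never takes effect.
Router# show ip access-lists EXAMPLE-ACL

! 5. Save the change once it has been verified.
Router# copy running-config startup-config
```

The list stays applied to the interface throughout, so traffic is never left unfiltered the way it is when a list is deleted and re-entered.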
  4. In article <T2aef.27666$2k5.3872@dukeread09>,
    "Gary" <> wrote:

    > Be very careful of access lists
    >
    > ACL = All CPU lost [ Made that up on the fly]
    >
    > We used to use them, but they kill the router under any kind of load.


    Unless you're running an ISP backbone, the overhead of ACLs should be
    negligible. Outbound ACLs have been fast-switched for about 15 years,
    and inbound ACLs are fast-switched since at least IOS 11.x.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    Barry Margolin, Nov 15, 2005
    #4
  5. On Mon, 14 Nov 2005 20:31:30 -0500, Barry Margolin
    <> wrote:

    >In article <T2aef.27666$2k5.3872@dukeread09>,
    > "Gary" <> wrote:
    >
    >> Be very careful of access lists
    >>
    >> ACL = All CPU lost [ Made that up on the fly]
    >>
    >> We used to use them, but they kill the router under any kind of load.

    >
    >Unless you're running an ISP backbone, the overhead of ACLs should be
    >negligible. Outbound ACLs have been fast-switched for about 15 years,
    >and inbound ACLs are fast-switched since at least IOS 11.x.


    A possibly related newbie question... When the dialer (interesting or
    not) access-list in my 804 grew to 58 lines, I suddenly (and
    repeatably) got the following errors trying to enter it:
    -----
    Sep 18 19:30:05.212 pdt: %SYS-2-MALLOCFAIL: Memory allocation of 264
    bytes failed from 0x1BBF3C, alignment 4
    Pool: iomem Free: 0 Cause: Not enough free memory
    Alternate Pool: None Free: 0 Cause: No Alternate pool

    -Process= "Pool Manager", ipl= 0, pid= 5
    -Traceback= 19995C 19AC78 1BBF40 1A59BC 1A5BD0 31C4C

    Sep 18 19:30:35.221 pdt: %SYS-2-MALLOCFAIL: Memory allocation of 1684
    bytes failed from 0x1BBF3C, alignment 4
    Pool: iomem Free: 0 Cause: Not enough free memory
    Alternate Pool: None Free: 0 Cause: No Alternate pool

    -Process= "Virtual Exec", ipl= 0, pid= 22
    -Traceback= 19995C 19AC78 1BBF40 1BC360 1BC8A8 397430 39DDA0 39DF90
    3A54DC 3A609C 3A2320 124E64 125038 130C04 130B08 12EB84
    -----

    I've seen people on the web talk about having configs with thousands
    of lines. Is an 804 so much more memory limited than a bigger router?
    I didn't bother exploring further, just eliminated some obsolete
    lines... No detectable change in speed, but then with only ISDN to
    feed it, I'm not surprised.

    Loren
    Loren Amelang, Nov 15, 2005
    #5