I'm playing about with standard access lists at the moment and would like to clarify something.
I was always taught that when you enter a new permit or deny statement it was added to the end of the access list. Yet if I enter the following lines in this order:
config t
access-list 5 permit 192.168.20.32 0.0.0.3
access-list 5 deny host 192.168.20.33
exit
config t
int fastEthernet 0
ip access-group 5 in
exit
then do a show run they are listed the other way around:
access-list 5 deny 192.168.20.33
access-list 5 permit 192.168.20.32 0.0.0.3
I then add another statement:
access-list 5 deny host 192.168.20.34
and the show run output now is:
access-list 5 deny 192.168.20.33
access-list 5 deny 192.168.20.34
access-list 5 permit 192.168.20.32 0.0.0.3
So it seems that the deny statements are getting grouped together, then the permit statements.
Does this sound normal?
And yes I realise that the way I added them is incorrect, and the way the show run lists the commands is actually correct. Is the router being smart and correcting my input?!
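
Added example, not part of the original post: a small Python model of how a standard ACL is evaluated (top-down, first match wins, implicit deny at the end), run over the entries in the order they were typed and in the order show run lists them. The function names `parse_entry` and `evaluate` are hypothetical; the ACL lines are the ones quoted above.

```python
import ipaddress

# ACL 5 in the order the entries were typed in the post.
ENTERED = [
    "access-list 5 permit 192.168.20.32 0.0.0.3",
    "access-list 5 deny host 192.168.20.33",
    "access-list 5 deny host 192.168.20.34",
]

# ACL 5 in the order show run lists it in the post.
DISPLAYED = [
    "access-list 5 deny 192.168.20.33",
    "access-list 5 deny 192.168.20.34",
    "access-list 5 permit 192.168.20.32 0.0.0.3",
]


def parse_entry(line):
    """Parse 'access-list N permit|deny [host] ADDR [WILDCARD]' or '... any'."""
    tokens = line.split()
    action, rest = tokens[2], tokens[3:]
    if rest[0] == "any":
        return action, 0, 0xFFFFFFFF
    if rest[0] == "host":
        rest = rest[1:]
    addr = int(ipaddress.IPv4Address(rest[0]))
    # No wildcard given means an exact host match (wildcard 0.0.0.0).
    wildcard = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
    return action, addr, wildcard


def evaluate(acl_lines, source):
    """Return 'permit' or 'deny' for a source IP using first-match semantics."""
    src = int(ipaddress.IPv4Address(source))
    for line in acl_lines:
        action, addr, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (addr & care):
            return action
    return "deny"  # implicit deny at the end of every ACL


if __name__ == "__main__":
    for host in ("192.168.20.32", "192.168.20.33", "192.168.20.34", "192.168.20.36"):
        print(host, "typed order:", evaluate(ENTERED, host),
              "| listed order:", evaluate(DISPLAYED, host))
```

With the entries evaluated in typed order, the range permit matches .33 and .34 before either host deny is reached; in the listed order both hosts are denied.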