- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Problems with ACL resequence in 6200yl
Switches, Hubs, and Modems
1753808
Members
7506
Online
108805
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-28-2007 02:27 AM
тАО03-28-2007 02:27 AM
Problems with ACL resequence in 6200yl
We have a problem with 6200yl ACL renumbering - swich losses most of ACEs after this procedure for example:
ring6_mp6# sh ver
Image stamp: /sw/code/build/btm(t2a)
Feb 13 2007 12:04:51
K.12.02
1047
Boot Image: primary
ring6_mp6# sh run
...
ip access-list extended "main"
5 deny ip 0.0.0.0 255.255.255.255 85.236.101.57 0.0.0.0
10 deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
20 permit ip 0.0.0.0 255.255.255.255 172.16.0.133 0.0.0.0
30 permit ip 172.16.0.133 0.0.0.0 0.0.0.0 255.255.255.255
40 permit ip 0.0.0.0 255.255.255.255 10.20.3.76 0.0.0.0
50 permit ip 10.20.3.76 0.0.0.0 0.0.0.0 255.255.255.255
60 permit ip 0.0.0.0 255.255.255.255 XX.XX.210.105 0.0.0.0
70 permit ip XX.XX.210.105 0.0.0.0 0.0.0.0 255.255.255.255
80 permit ip 0.0.0.0 255.255.255.255 XX.XX.216.211 0.0.0.0
90 permit ip XX.XX.216.211 0.0.0.0 0.0.0.0 255.255.255.255
100 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 139
110 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 135
120 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 445
130 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 445
140 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 range 135 139
150 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 range 1025 1027
160 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 range 1433 1434
170 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 15118
180 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 5554
190 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 4444
200 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 3128
210 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 6129
220 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 42
230 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 2745
240 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 15118
250 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 5554
260 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 4444
270 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 3128
280 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 6129
290 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 42
300 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 2745
310 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 1433
315 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 80
320 deny tcp 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255 eq 25
330 deny tcp 0.0.0.0 255.255.255.255 172.16.0.0 0.0.255.255 eq 25
335 permit ip 0.0.0.0 255.255.255.255 10.13.0.0 0.0.255.255
337 permit ip 0.0.0.0 255.255.255.255 10.233.0.0 0.0.255.255
340 deny ip 0.0.0.0 255.255.255.255 10.0.0.0 0.7.255.255
350 deny ip 0.0.0.0 255.255.255.255 10.24.0.0 0.7.255.255
360 deny ip 0.0.0.0 255.255.255.255 10.32.0.0 0.31.255.255
370 deny ip 0.0.0.0 255.255.255.255 10.64.0.0 0.63.255.255
380 deny ip 0.0.0.0 255.255.255.255 10.128.0.0 0.127.255.255
390 permit ip 10.22.0.0 0.0.255.255 0.0.0.0 255.255.255.255
400 permit ip 10.20.0.0 0.0.255.255 0.0.0.0 255.255.255.255
405 permit ip 10.23.0.0 0.0.255.255 0.0.0.0 255.255.255.255
410 permit ip 10.10.0.0 0.0.255.255 0.0.0.0 255.255.255.255
420 permit ip XX.XX.208.0 0.0.15.255 0.0.0.0 255.255.255.255
430 permit ip 172.16.0.0 0.0.255.255 0.0.0.0 255.255.255.255
440 permit ip XX.XX.60.60 0.0.0.3 0.0.0.0 255.255.255.255
450 permit ip XX.XX.60.64 0.0.0.3 0.0.0.0 255.255.255.255
455 permit ip 10.13.0.0 0.0.255.255 0.0.0.0 255.255.255.255
457 permit ip 10.233.0.0 0.0.255.255 0.0.0.0 255.255.255.255
460 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ring6_mp6(config)# ip access-list resequence main 10 10
ring6_mp6# sh run
...
ip access-list extended "main"
470 permit ip XX.XX.208.0 0.0.15.255 0.0.0.0 255.255.255.255
480 permit ip 172.16.0.0 0.0.255.255 0.0.0.0 255.255.255.255
490 permit ip XX.XX.60.60 0.0.0.3 0.0.0.0 255.255.255.255
500 permit ip XX.XX.60.64 0.0.0.3 0.0.0.0 255.255.255.255
510 permit ip 10.13.0.0 0.0.255.255 0.0.0.0 255.255.255.255
520 permit ip 10.233.0.0 0.0.255.255 0.0.0.0 255.255.255.255
530 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ring6_mp6# sh ver
Image stamp: /sw/code/build/btm(t2a)
Feb 13 2007 12:04:51
K.12.02
1047
Boot Image: primary
ring6_mp6# sh run
...
ip access-list extended "main"
5 deny ip 0.0.0.0 255.255.255.255 85.236.101.57 0.0.0.0
10 deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
20 permit ip 0.0.0.0 255.255.255.255 172.16.0.133 0.0.0.0
30 permit ip 172.16.0.133 0.0.0.0 0.0.0.0 255.255.255.255
40 permit ip 0.0.0.0 255.255.255.255 10.20.3.76 0.0.0.0
50 permit ip 10.20.3.76 0.0.0.0 0.0.0.0 255.255.255.255
60 permit ip 0.0.0.0 255.255.255.255 XX.XX.210.105 0.0.0.0
70 permit ip XX.XX.210.105 0.0.0.0 0.0.0.0 255.255.255.255
80 permit ip 0.0.0.0 255.255.255.255 XX.XX.216.211 0.0.0.0
90 permit ip XX.XX.216.211 0.0.0.0 0.0.0.0 255.255.255.255
100 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 139
110 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 135
120 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 445
130 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 445
140 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 range 135 139
150 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 range 1025 1027
160 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 range 1433 1434
170 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 15118
180 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 5554
190 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 4444
200 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 3128
210 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 6129
220 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 42
230 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 2745
240 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 15118
250 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 5554
260 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 4444
270 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 3128
280 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 6129
290 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 42
300 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 2745
310 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 1433
315 deny udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 80
320 deny tcp 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255 eq 25
330 deny tcp 0.0.0.0 255.255.255.255 172.16.0.0 0.0.255.255 eq 25
335 permit ip 0.0.0.0 255.255.255.255 10.13.0.0 0.0.255.255
337 permit ip 0.0.0.0 255.255.255.255 10.233.0.0 0.0.255.255
340 deny ip 0.0.0.0 255.255.255.255 10.0.0.0 0.7.255.255
350 deny ip 0.0.0.0 255.255.255.255 10.24.0.0 0.7.255.255
360 deny ip 0.0.0.0 255.255.255.255 10.32.0.0 0.31.255.255
370 deny ip 0.0.0.0 255.255.255.255 10.64.0.0 0.63.255.255
380 deny ip 0.0.0.0 255.255.255.255 10.128.0.0 0.127.255.255
390 permit ip 10.22.0.0 0.0.255.255 0.0.0.0 255.255.255.255
400 permit ip 10.20.0.0 0.0.255.255 0.0.0.0 255.255.255.255
405 permit ip 10.23.0.0 0.0.255.255 0.0.0.0 255.255.255.255
410 permit ip 10.10.0.0 0.0.255.255 0.0.0.0 255.255.255.255
420 permit ip XX.XX.208.0 0.0.15.255 0.0.0.0 255.255.255.255
430 permit ip 172.16.0.0 0.0.255.255 0.0.0.0 255.255.255.255
440 permit ip XX.XX.60.60 0.0.0.3 0.0.0.0 255.255.255.255
450 permit ip XX.XX.60.64 0.0.0.3 0.0.0.0 255.255.255.255
455 permit ip 10.13.0.0 0.0.255.255 0.0.0.0 255.255.255.255
457 permit ip 10.233.0.0 0.0.255.255 0.0.0.0 255.255.255.255
460 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ring6_mp6(config)# ip access-list resequence main 10 10
ring6_mp6# sh run
...
ip access-list extended "main"
470 permit ip XX.XX.208.0 0.0.15.255 0.0.0.0 255.255.255.255
480 permit ip 172.16.0.0 0.0.255.255 0.0.0.0 255.255.255.255
490 permit ip XX.XX.60.60 0.0.0.3 0.0.0.0 255.255.255.255
500 permit ip XX.XX.60.64 0.0.0.3 0.0.0.0 255.255.255.255
510 permit ip 10.13.0.0 0.0.255.255 0.0.0.0 255.255.255.255
520 permit ip 10.233.0.0 0.0.255.255 0.0.0.0 255.255.255.255
530 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-30-2007 06:53 AM
тАО03-30-2007 06:53 AM
Re: Problems with ACL resequence in 6200yl
Hi
I would like to ask you to execute this command:
ring6_mp6(config)# ip access-list resequence main 1 10
Then show the ACLs output after the resequence done.
Good Luck !!!
I would like to ask you to execute this command:
ring6_mp6(config)# ip access-list resequence main 1 10
Then show the ACLs output after the resequence done.
Good Luck !!!
Science for Everyone
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2007 12:25 AM
тАО06-14-2007 12:25 AM
Re: Problems with ACL resequence in 6200yl
Thank you
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP