access-list 25 remark city1 access-list 25 permit 10.1.120.0 0.0.0.255 access-list 25 remark city2 access-list 25 permit 10.2.120.0 0.0.0.255 access-list 25 remark city3 access-list 25 permit 10.3.120.0 0.0.0.255 access-list 25 remark city4 access-list 25 permit 10.4.120.0 0.0.0.255 access-list 25 remark city5 access-list 25 permit 10.5.120.0 0.0.0.255 access-list 25 remark mgt access-list 25 permit 10.3.66.86 access-list 25 remark jumphosts access-list 25 permit 10.3.1.37 access-list 25 permit 10.3.1.38
如果我按照上述顺序直接将其输入路由器,然后运行“ show ip access-list 25”,列表按以下顺序显示:
Standard IP access list 25
60 permit 10.3.66.86
70 permit 10.3.1.37
80 permit 10.3.1.38
10 permit 10.1.120.0, wildcard bits 0.0.0.255
20 permit 10.2.120.0, wildcard bits 0.0.0.255
30 permit 10.3.120.0, wildcard bits 0.0.0.255
40 permit 10.4.120.0, wildcard bits 0.0.0.255
50 permit 10.5.120.0, wildcard bits 0.0.0.255
如果我在运行配置中查看访问列表,则该列表按以下顺序显示:
access-list 25 remark mgt access-list 25 permit 10.3.66.86 access-list 25 remark jumphosts access-list 25 permit 10.3.1.37 access-list 25 permit 10.3.1.38 access-list 25 remark city1 access-list 25 permit 10.1.120.0 0.0.0.255 access-list 25 remark city2 access-list 25 permit 10.2.120.0 0.0.0.255 access-list 25 remark city3 access-list 25 permit 10.3.120.0 0.0.0.255 access-list 25 remark city4 access-list 25 permit 10.4.120.0 0.0.0.255 access-list 25 remark city5 access-list 25 permit 10.5.120.0 0.0.0.255
问题:
1)为什么访问列表没有按输入顺序出现?
2)即使未显示也是如此在“显示ip访问列表”输出中以正确的顺序或在运行的配置中,顺序号是按顺序排列的。规则集是否根据序列号或条目的显示顺序进行了解析?
Cisco IOS 15.1(4)M5
#1 楼
从Cisco文档:标准访问列表中的主要区别在于,Cisco IOS按IP地址的降序添加条目,而不是按序列号。 >
您可以在此处了解更多信息。
#2 楼
这是对此的更早介绍。 https://supportforums.cisco.com/t5/lan-switching-and-routing/access-list-wrong-order/td-p/3070419请查一下,彼得·帕劳奇(Peter Paluch)的帖子。 ;)
评论
不鼓励仅链接的答案,因为链接会随着时间而失败。您应该在答案中包括相关信息,并适当地赋予其属性并包括链接。
–罗恩·莫潘♦
18年6月2日在15:54