Cisco – Why does Cisco ios save and display access list entries out of order

Consider the following access-list:

access-list 25 remark city1
access-list 25 permit 10.1.120.0 0.0.0.255
access-list 25 remark city2
access-list 25 permit 10.2.120.0 0.0.0.255
access-list 25 remark city3
access-list 25 permit 10.3.120.0 0.0.0.255
access-list 25 remark city4
access-list 25 permit 10.4.120.0 0.0.0.255
access-list 25 remark city5
access-list 25 permit 10.5.120.0 0.0.0.255
access-list 25 remark mgt
access-list 25 permit 10.3.66.86
access-list 25 remark jumphosts
access-list 25 permit 10.3.1.37
access-list 25 permit 10.3.1.38

If I enter this directly into a router in the order above and then run "show ip access-list 25" the access-list is displayed in the following order:

Standard IP access list 25
    60 permit 10.3.66.86
    70 permit 10.3.1.37
    80 permit 10.3.1.38
    10 permit 10.1.120.0, wildcard bits 0.0.0.255
    20 permit 10.2.120.0, wildcard bits 0.0.0.255
    30 permit 10.3.120.0, wildcard bits 0.0.0.255
    40 permit 10.4.120.0, wildcard bits 0.0.0.255
    50 permit 10.5.120.0, wildcard bits 0.0.0.255

If I view the access list in the running-config it appears in this order:

access-list 25 remark mgt
access-list 25 permit 10.3.66.86
access-list 25 remark jumphosts
access-list 25 permit 10.3.1.37
access-list 25 permit 10.3.1.38
access-list 25 remark city1
access-list 25 permit 10.1.120.0 0.0.0.255
access-list 25 remark city2
access-list 25 permit 10.2.120.0 0.0.0.255
access-list 25 remark city3
access-list 25 permit 10.3.120.0 0.0.0.255
access-list 25 remark city4
access-list 25 permit 10.4.120.0 0.0.0.255
access-list 25 remark city5
access-list 25 permit 10.5.120.0 0.0.0.255

Questions:

1) Why doesn't the access list appear in the order that it was entered?
2) Even though it isn't displayed in the correct order in "show ip access-lists" output or in the running config, the sequence numbers are in order. Is the ruleset parsed according to the sequence numbers or according to the order in which the entries are displayed?

Cisco IOS 15.1(4)M5

Cisco – Why does Cisco ios save and display access list entries out of order

Best Answer

Related Topic

Best Answer

Related Solutions

Cisco – What do the parentheses “()” after objects mean in Cisco ASA ACLs

Cisco ASA 5505 stop passing traffic randomly

Related Topic