And I just noticed another new behavior and you don't need to migrated to 'named' ACLs.

Here is my current ACL:

access-list 101 permit ip host 1.1.1.1 host 2.2.2.2

access-list 101 permit ip host 1.1.1.1 host 3.3.3.3

access-list 101 permit ip host 1.1.1.1 host 4.4.4.4

access-list 101 deny ip any any

Now, I want to add an additional entry before deny ip any any....

Rack1R4#show ip access-list

Extended IP access list 101

10 permit ip host 1.1.1.1 host 2.2.2.2

20 permit ip host 1.1.1.1 host 3.3.3.3

25 permit ip host 1.1.1.1 host 4.4.4.4

30 deny ip any any

Rack1R4#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Rack1R4(config)#ip access-list extended 101

Rack1R4(config-ext-nacl)#26 permit ip host 1.1.1.1 host 5.5.5.5

Rack1R4(config-ext-nacl)#do show run | sec 101

access-list 101 permit ip host 1.1.1.1 host 2.2.2.2

access-list 101 permit ip host 1.1.1.1 host 3.3.3.3

access-list 101 permit ip host 1.1.1.1 host 4.4.4.4

access-list 101 permit ip host 1.1.1.1 host 5.5.5.5

access-list 101 deny ip any any

__

Edison.