Giuseppe Larosa Fri, 03/27/2009 - 06:57

Hello Vinoth,

Depending on the IOS version, the statements are automatically numbered or not.


In old IOS versions you need to do:


copy the ACL to a text editor

modify it adding the desired lines in the required order

change the ACL number to a free unused number in the same range

paste to the router the new ACL

change the command using the old ACL to make it point to the new one


OR


copy the ACL to a text editor

modify it adding the desired lines in the required order


remove all the commands invoking the ACL

do

no acl number

paste from editor new ACL version


reuse the ACL


Note:


Named ACLs allow you to specify the position of the statement.


Hope to help

Giuseppe


Giuseppe Larosa Fri, 03/27/2009 - 07:19

Hello Vinoth,


After having copied the whole ACL to a text editor, you can also edit a statement if you need to.


The procedure is also valid for changes to existing lines.


Hope to help

Giuseppe


Tshi M Fri, 03/27/2009 - 09:00

Here is an example:


Extended IP access list Clients_Lan

10 permit udp any any eq bootps (95831 matches)

20 permit udp any any eq bootpc (27315 matches)

30 permit tcp any host 10.64.200.227 eq 8080

40 permit ip any host 10.64.200.225



I am going to insert a line between 30 and 40 using:


35 permit tcp any host 10.64.200.211 eq 443


Regards,


Tshi M Fri, 03/27/2009 - 09:03

Let's say you want to modify line 40 in the ACL below:


Extended IP access list Trader_Lan

10 permit udp any any eq bootps (95831 matches)

20 permit udp any any eq bootpc (27315 matches)

30 permit tcp any host 10.64.200.227 eq 8080

40 permit ip any host 10.64.200.225


You'd use, for instance:


40 permit tcp any host 10.64.200.225 eq 11220

glen.grant Fri, 03/27/2009 - 08:00

On any IOS above 12.2T you just do a show access-list and it will show the numbers in the ACL. Then to modify


ip access-list extended


permit .
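
The insert and the modify discussed in this thread, written out as a full session. This is an added example, not part of any post above; it assumes an IOS release that supports ACL sequence numbers and reuses the Clients_Lan and Trader_Lan ACLs quoted in the thread. IOS rejects a sequence number that is already in use, so the existing line 40 is removed before the new one is entered.

```cisco
! Added example; assumes an IOS release that supports ACL sequence numbers.
! ACL names and addresses are the ones quoted in the thread.
!
! 1. Check the current sequence numbers before editing.
show access-lists Clients_Lan
show access-lists Trader_Lan
!
! 2. Insert a new entry between lines 30 and 40.
configure terminal
 ip access-list extended Clients_Lan
  35 permit tcp any host 10.64.200.211 eq 443
 exit
!
! 3. Change an existing entry: remove it by sequence number first,
!    then re-enter it under the same number.
 ip access-list extended Trader_Lan
  no 40
  40 permit tcp any host 10.64.200.225 eq 11220
 exit
!
! 4. Optional: renumber from 10 in steps of 10 to leave room for later inserts.
 ip access-list resequence Clients_Lan 10 10
end
!
! 5. Verify the resulting order, then save.
show access-lists Clients_Lan
show access-lists Trader_Lan
copy running-config startup-config
```

Between `no 40` and the new line 40, traffic that matched only the old entry falls through to the implicit deny at the end of the ACL, so enter the two lines together. Unlike the copy-and-replace procedure for old IOS versions, the ACL stays applied to the interface throughout.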
