Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1713
Views
0
Helpful
7
Replies

How to insert a line in existing access control list?

vinothlb1
Level 1
Level 1

‎03-27-2009 06:47 AM - edited ‎03-06-2019 04:51 AM

How to insert a line in existing access control list?

Labels:
0 Helpful
7 Replies 7

Eugene Khabarov
Level 7
Level 7

‎03-27-2009 06:54 AM

ip access-list extended

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎03-27-2009 06:57 AM

Hello Vinoth,

depending on the IOS version the statements are automatically numbered or not.

in old IOS version you need to do:

copy the ACL to a text editor

modify it adding the desired lines in the required order

change the ACL number to a free unused number in the same range

paste to the router the new ACL

change the command using the old ACL to make it to point to the new one

OR

copy the ACL to a text editor

modify it adding the desired lines in the required order

remove all the commands invoking the ACL

do

no acl number

paste from editor new ACL version

reuse the ACL

Note:

named ACLs allow to specify the position of the statement

Hope to help

Giuseppe

0 Helpful

vinothlb1
Level 1
Level 1
In response to Giuseppe Larosa

‎03-27-2009 07:11 AM

How to edit particular ACL Line number?

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to vinothlb1

‎03-27-2009 07:19 AM

Hello Vinoth,

after having copied the whole ACL to a text editor you can also edit a statement if you need it

the procedure is valid also for changes on existing lines

Hope to help

Giuseppe

0 Helpful

Tshi M
Level 5
Level 5
In response to vinothlb1

‎03-27-2009 09:00 AM

here is an example:

Extended IP access list Clients_Lan

10 permit udp any any eq bootps (95831 matches)

20 permit udp any any eq bootpc (27315 matches)

30 permit tcp any host 10.64.200.227 eq 8080

40 permit ip any host 10.64.200.225

i am going to insert a line between 30 and 40 using:

35 permit tcp any host 10.64.200.211 eq 443

regards,

0 Helpful

Tshi M
Level 5
Level 5
In response to vinothlb1

‎03-27-2009 09:03 AM

let say say to you to modify line 40 in the acl below:

Extended IP access list Trader_Lan

10 permit udp any any eq bootps (95831 matches)

20 permit udp any any eq bootpc (27315 matches)

30 permit tcp any host 10.64.200.227 eq 8080

40 permit ip any host 10.64.200.225

you'd use for instance

40 permit tcp any host 10.64.200.225 eq 11220

0 Helpful

glen.grant
VIP Alumni
VIP Alumni

‎03-27-2009 08:00 AM

On any IOS above 12.2T you just do a show access-list and it will show the numbers in the ACL . Then to modify

ip access-list extended

permit .

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card