Adding Entry to existing Access List appears at the end of Access List

Answered Question
May 4th, 2009

Hi guys,


I am having issues adding new entries to an existing access list. When I add the entry to the access list and then issue #sh access-lists

The new entries are at the end of the access list, but I want them to appear at the top or in a place where I can control.


Is there any way we can do this without removing all the entries and then putting them back, as the router I am adding access list entries to is a production router?


Thanks for your input.


Jon Marshall Mon, 05/04/2009 - 15:59
Really depends on what type of acl it is. If you do a "sh access-list", do you get numbered lines or not?


If you don't, then the easiest thing to do is create a new acl in notepad which is a copy of your existing acl with the additional lines. Copy this back into the config and then simply update the acl under the interface, i.e.


int fa0/0

ip access-group in/out


Jon

tariqmansoor Mon, 05/04/2009 - 16:05
Thanks, I do get numbered lines when I sh access list


Extended IP access list 105

10 deny ip 10.26.0.0 0.0.0.255 10.10.10.0 0.0.0.255 (31573 matches)

20 deny ip 10.26.0.0 0.0.0.255 10.0.0.0 0.0.0.255

30 permit ip 10.26.0.0 0.0.0.255 any (2823 matches)

40 permit tcp any host 10.26.0.100 eq 3389

Extended IP access list ACT

10 permit ip 10.26.0.0 0.0.0.255 10.10.10.0 0.0.0.255 (796 matches)

20 permit ip 10.26.0.0 0.0.0.255 10.0.0.0 0.0.0.255


How can we add a new entry at our desired location in the access list?


Cheers,

Correct Answer
Jon Marshall Mon, 05/04/2009 - 16:17

As an example, let's say you want to add a line into acl ACT between line 10 and line 20


ip access-list extended ACT

15 deny ip 10.26.0.0 0.0.0.255 172.16.10.0 0.0.0.255


Jon
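
Why the position matters, as an added example that is not part of the thread and not Cisco code: a small Python model of first-match ACL evaluation. It assumes the deny line from the answer is applied to ACL 105 from the thread (the answer used ACT), leaves out line 40 because only `ip` entries are modelled, and all function names are hypothetical.

```python
import ipaddress

# Constructed from ACL 105 as posted in the thread, match counters stripped.
# Line 40 (tcp with a port) is left out: this model handles 'ip' entries only.
ACL_105 = [
    "10 deny ip 10.26.0.0 0.0.0.255 10.10.10.0 0.0.0.255",
    "20 deny ip 10.26.0.0 0.0.0.255 10.0.0.0 0.0.0.255",
    "30 permit ip 10.26.0.0 0.0.0.255 any",
]
NEW_ENTRY = "deny ip 10.26.0.0 0.0.0.255 172.16.10.0 0.0.0.255"

def parse_addr(tokens):
    """Consume 'any' or 'ADDR WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_entry(text):
    """Parse '[seq] action ip SRC DST' into a dict; seq is None if absent."""
    tokens = text.split()
    seq = int(tokens.pop(0)) if tokens[0].isdigit() else None
    action, proto = tokens.pop(0), tokens.pop(0)
    if proto != "ip":
        raise ValueError("only 'ip' entries are modelled")
    return {"seq": seq, "action": action, "src": parse_addr(tokens), "dst": parse_addr(tokens)}

def matches(field, addr):
    """Wildcard bits set to 1 are 'don't care'; the remaining bits must be equal."""
    base, wildcard = field
    return (int(ipaddress.IPv4Address(addr)) | wildcard) == (base | wildcard)

def insert(acl, text, seq=None):
    """Add an entry; without a seq it lands at last + 10, i.e. at the end."""
    entry = parse_entry(text)
    entry["seq"] = seq if seq is not None else max(e["seq"] for e in acl) + 10
    if any(e["seq"] == entry["seq"] for e in acl):
        raise ValueError(f"sequence {entry['seq']} already in use")
    return sorted(acl + [entry], key=lambda e: e["seq"])

def evaluate(acl, src, dst):
    """First match wins; no match falls through to the implicit deny."""
    for e in acl:
        if matches(e["src"], src) and matches(e["dst"], dst):
            return e["action"], e["seq"]
    return "deny", None

if __name__ == "__main__":
    base = [parse_entry(line) for line in ACL_105]
    for label, acl in (("appended", insert(base, NEW_ENTRY)), ("seq 25", insert(base, NEW_ENTRY, 25))):
        print(label, evaluate(acl, "10.26.0.5", "172.16.10.9"))
```

Appended at the end, the new deny sits behind the broad permit on line 30 and never matches; given a sequence number below 30, it takes effect.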
