Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
52617
Views
26
Helpful
5
Comments

Reader Tip - Resequence Entries in an ACL

Julie Burruss
Level 4
Level 4

‎03-30-2011 07:08 AM - edited ‎03-01-2019 04:38 PM

This month's tip from Kasiraman Eljay explains how the "ip access-list resequence" command can be very helpful.  Thanks to Kasiraman for sending in his favorite tip!

I found the “ip access-list resequence” command for an ACL to be very helpful. Most of the time network operators try to remove the ACL, edit the entries in notepad, and then paste the ACL back in via the CLI.  Resequencing the ACL can reduce the overhead to accomplish this when specific edits are needed.

Take for example the following ACL to illustrate the concept:

Router_#sh ip access-lists TEST

Extended IP access list TEST

2 permit ip host 10.10.10.1 host 10.10.10.2

3 permit ip host 10.10.10.3 host 10.10.10.4

Now let’s assume that an entry is needed between the two existing lines in the ACL.

To do this we need to have a gap in the middle so let’s assign a new set of sequence numbers.

Router_(config)#ip access-list resequence TEST 10 10

This starts the first entry with a sequence number of 10 and increments all new lines by 10. The result is:

Router_#sh ip access-lists TEST

Extended IP access list TEST

10 permit ip host 10.10.10.1 host 10.10.10.2

20 permit ip host 10.10.10.3 host 10.10.10.4

Now it’s easy to insert a new ACL entry with a sequence number of say 15 that would fall between the two existing entries in the TEST access-list.

The Configuration URL for reference is:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html

Subscribe to the TS Newsletter today at:

https://tools.cisco.com/gdrp/coiga/showsurvey.do?surveyCode=474&keyCode=123668_1

Comments
George Johnston
Level 1
Level 1
‎05-06-2011 07:35 AM

One caveat to keep in mind with this is if you use remarks in your ACL for documenting entries, they get screwed up using this technique.

rhbmcse
Level 1
Level 1
‎11-09-2017 07:16 AM

For a trainee CCNA student - I googled this straight after doing the training - the immediate question was "what if the ACL list needs the orders changing then" - which wasn't covered in my course.  I can see this being a real-life scenario that could bite you quite hard.  Thanks for sharing.

brandon.m.strode1
Level 1
Level 1
‎02-15-2018 08:56 AM

 This command is very useful as I worked in a hub node for the army that used sequencing and was never told of this command.  Like many others they would pull entire acls out just to resequence them.  if you need to add or remove or even move the acl this is a very easy task to accomplish.  once moving, removing, or  adding to the acl just re run the resequence command and your back to a clean acl.  Love it.

anilkumar.cisco
Level 4
Level 4
‎05-14-2020 12:24 AM

thanks.. but the provided link is not working.. seems outdated.. Pls update new link.. thanks..

itguy45
Level 1
Level 1
‎06-15-2023 12:42 PM

love this command! works great for cleaning up acl's. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents