3925 ACLs

supercell29
Level 1

I have a question regarding the 3925 router. In the past on my old 3660s, in order to add a new line to an ACL, I would have to remove the entire ACL and re-add it when adding new ACL lines to the list. Is this required on the 3925s, or is it like the ASA 5520s where you can just add an ACL any ol' time without having to remove/add the entire ACL list?

Thank you in advance!

Accepted Solution

cadet alain
VIP Alumni

Hi,

For standard and extended ACLs the rule is still the same: you have to wipe out the entire ACL and reconfigure the new one, BUT as there is now support for named ACLs, you can modify any standard or extended ACL by using the named syntax to add/remove ACE entries.

Here is an example:

access-list 100 permit tcp any host x.x.x.x eq 80
access-list 100 deny udp any host x.x.x.x eq 53
access-list 100 permit ip any any

If you do a show access-list 100 you'll see line numbers by default:

10 access-list 100 permit tcp any host x.x.x.x eq 80
20 access-list 100 deny udp any host x.x.x.x eq 53
30 access-list 100 permit ip any any

Then suppose you want to insert a new line between the first and second; do it like this:

ip access-list 100 extended
15 deny tcp any host x.x.x.x eq 443

Regards.

Alain

Don't forget to rate helpful posts.


2 Replies


"ip access-list 100 extended" (should be "extended 100")

ip access-list extended 100 worked

Thank you
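The insertion procedure from the accepted answer, with the corrected `ip access-list extended <number>` syntax from the follow-up, as an added example that is not part of the original thread: a helper that parses `show access-list` output, picks a free sequence number between two existing ACEs, and emits the IOS commands. It also handles the case the thread does not cover, where no number is free between two adjacent ACEs, by first issuing `ip access-list resequence`. The sample output, the host placeholder x.x.x.x and the function names are constructed for this example.

```python
import re

# Constructed sample of `show access-list 100` output, modelled on the
# ACL in the accepted answer (x.x.x.x kept as a placeholder host).
SHOW_ACL = """\
Extended IP access list 100
    10 permit tcp any host x.x.x.x eq 80
    20 deny udp any host x.x.x.x eq 53
    30 permit ip any any
"""

ACE_RE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(.*)$")

def parse_aces(show_output):
    """Return [(sequence_number, 'permit|deny ...'), ...] in listed order."""
    aces = []
    for line in show_output.splitlines():
        m = ACE_RE.match(line)
        if m:
            aces.append((int(m.group(1)), f"{m.group(2)} {m.group(3)}"))
    return aces

def insert_commands(acl_number, aces, after_seq, new_ace, increment=10):
    """Build the IOS commands that place new_ace right after after_seq.

    If no sequence number is free between after_seq and the next ACE,
    an `ip access-list resequence` command is emitted first; it renumbers
    the ACL in place without removing it. Returns (commands, chosen_seq).
    """
    seqs = [s for s, _ in aces]
    if after_seq not in seqs:
        raise ValueError(f"sequence {after_seq} not in ACL {acl_number}")
    idx = seqs.index(after_seq)
    next_seq = seqs[idx + 1] if idx + 1 < len(seqs) else None
    cmds = []
    if next_seq is not None and next_seq - after_seq < 2:
        # Gap exhausted: resequence to start/increment, then recompute bounds.
        cmds.append(f"ip access-list resequence {acl_number} {increment} {increment}")
        after_seq = (idx + 1) * increment
        next_seq = (idx + 2) * increment
    seq = after_seq + (next_seq - after_seq) // 2 if next_seq else after_seq + increment
    cmds += [f"ip access-list extended {acl_number}", f" {seq} {new_ace}"]
    return cmds, seq

if __name__ == "__main__":
    aces = parse_aces(SHOW_ACL)
    for c in insert_commands(100, aces, 10, "deny tcp any host x.x.x.x eq 443")[0]:
        print(c)
```

Review the generated commands before pasting them into configuration mode; a deny inserted at the wrong sequence number changes which traffic the later ACEs ever see.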
