Cisco Support Community
New Member

3925 ACL's

I have a question regarding the 3925 router. In the past on my old 3660's, in order to add a new line to an ACL, I would have to remove the entire ACL and re-add it when adding new ACL lines to the list. Is this required on the 3925's, or is it like the ASA 5520's where you can just add an ACL any 'ol time without having to remove/add the entire ACL list?

Thank you in advance!

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

3925 ACL's

Hi,

For standard and extended ACLs the rule is still the same: you have to wipe out the entire ACL and reconfigure the new one, BUT as there is now support for named ACLs you can modify any standard or extended ACL by using the named syntax to add/remove ACE entries.

Here is an example:

access-list 100 permit tcp any host x.x.x.x eq 80

access-list 100 deny udp any host x.x.x.x eq 53

access-list 100 permit ip any any

If you do a show access-list 100 you'll see line numbers, by default:

10 access-list 100 permit tcp any host x.x.x.x eq 80

20 access-list 100 deny udp any host x.x.x.x eq 53

30 access-list 100 permit ip any any

Then suppose you want to insert a new line between the first and second, do it like this:

ip access-list 100 extended

15 deny tcp any host x.x.x.x eq 443

Regards.

Alain

Don't forget to rate helpful posts.
2 REPLIES
New Member

3925 ACL's

"ip access-list 100 extended" (should be "extended 100")

ip access-list extended 100 worked

Thank you
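
The in-place edit discussed in this thread, written out as a full configuration session. This is an added example, not part of any post above: it uses the keyword order confirmed in the last reply, 192.0.2.10 is a constructed address standing in for x.x.x.x, and the resequence and removal steps go beyond what the thread shows.

```cisco
! Constructed example: 192.0.2.10 stands in for the x.x.x.x host in the thread.
! Original numbered ACL, entered in global configuration mode.
access-list 100 permit tcp any host 192.0.2.10 eq 80
access-list 100 deny udp any host 192.0.2.10 eq 53
access-list 100 permit ip any any
!
! Entries are auto-numbered 10, 20, 30. Confirm before editing with:
!   show access-lists 100
!
! Edit in place with the named syntax (keyword order: extended, then the ACL number).
ip access-list extended 100
 ! Sequence 15 lands between 10 and 20, so it is evaluated before
 ! the catch-all "permit ip any any" at 30. Appending it after 30
 ! would leave it unreachable, because the first matching entry wins.
 15 deny tcp any host 192.0.2.10 eq 443
 exit
!
! Renumber the list (start 10, step 10) to reopen gaps for later inserts.
! The entries 10, 15, 20, 30 become 10, 20, 30, 40.
ip access-list resequence 100 10 10
!
! To back out the new entry, delete it by its current sequence number.
! Only that entry is removed; the rest of ACL 100 stays applied.
ip access-list extended 100
 no 20
 exit
```

Sequence numbers are not stored in the saved configuration, so after a reload the entries are renumbered from 10 in steps of 10; check `show access-lists 100` before inserting or deleting by number.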
