Cisco Support Community

ACL

sh access-list 99

10 permit 192.168.1.0, wildcard bits 0.0.0.255 (31 matches)

20 permit 192.168.9.0, wildcard bits 0.0.0.255

30 permit 172.17.1.0, wildcard bits 0.0.0.255 (29 matches)

40 permit 172.17.3.0, wildcard bits 0.0.0.255 (41 matches)

50 permit 192.168.6.0, wildcard bits 0.0.0.255 (29 matches)

60 deny any (150 matches)

How can I add another line before the deny statement without removing access-list 99 and applying it again?

8 REPLIES

Re: ACL

Like this...

55 permit......

Mike

New Member

Re: ACL

access-list 99 permit 192.168.1.0 0.0.0.255

access-list 99 permit 192.168.9.0 0.0.0.255

access-list 99 permit 172.17.1.0 0.0.0.255

access-list 99 permit 172.17.3.0 0.0.0.255

access-list 99 permit 192.168.6.0 0.0.0.255

access-list 99 deny any

My question was how to add another line before the deny statement in one step.

Re: ACL

Sorry totally misread the question. Having one of those days.

I am not 100% sure how after looking at it.

I will defer to others who have much more knowledge than I.

Mike

Gold

Re: ACL

You can't; only with named access-lists can you insert ACEs.

Re: ACL

I just tried on one of our test switches and srue is absolutely correct.

And sorry for my errant post earlier.

Mike

Re: ACL

Hello all.

It is possible to add new lines to numbered ACLs in later releases of code. The output below was on a router running 12.4(21).

R1#config t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#access-list 99 permit 192.168.1.0 0.0.0.255

R1(config)#access-list 99 permit 192.168.9.0 0.0.0.255

R1(config)#access-list 99 permit 172.17.1.0 0.0.0.255

R1(config)#access-list 99 permit 172.17.3.0 0.0.0.255

R1(config)#access-list 99 permit 192.168.6.0 0.0.0.255

R1(config)#access-list 99 deny any

R1(config)#do show access-list 99

Standard IP access list 99

10 permit 192.168.1.0, wildcard bits 0.0.0.255

20 permit 192.168.9.0, wildcard bits 0.0.0.255

30 permit 172.17.1.0, wildcard bits 0.0.0.255

40 permit 172.17.3.0, wildcard bits 0.0.0.255

50 permit 192.168.6.0, wildcard bits 0.0.0.255

60 deny any

R1(config)#ip access-list standard 99

R1(config-std-nacl)#55 permit 192.168.11.0 0.0.0.255

R1(config-std-nacl)#do show access-list

Standard IP access list 99

10 permit 192.168.1.0, wildcard bits 0.0.0.255

20 permit 192.168.9.0, wildcard bits 0.0.0.255

30 permit 172.17.1.0, wildcard bits 0.0.0.255

40 permit 172.17.3.0, wildcard bits 0.0.0.255

50 permit 192.168.6.0, wildcard bits 0.0.0.255

55 permit 192.168.11.0, wildcard bits 0.0.0.255

60 deny any

R1(config-std-nacl)#

Simon
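Added example, not part of the original posts: a Python sketch that parses the `show access-list 99` listing from this thread, evaluates it first-match-wins, and picks a free sequence number in front of `deny any`. It shows why the new entry has to go before line 60 rather than after it. The helper names are hypothetical and the sample listing is constructed from the output above.

```python
import ipaddress
import re

# Constructed sample input: the 'show access-list 99' listing from the thread.
SHOW_OUTPUT = """Standard IP access list 99
    10 permit 192.168.1.0, wildcard bits 0.0.0.255
    20 permit 192.168.9.0, wildcard bits 0.0.0.255
    30 permit 172.17.1.0, wildcard bits 0.0.0.255
    40 permit 172.17.3.0, wildcard bits 0.0.0.255
    50 permit 192.168.6.0, wildcard bits 0.0.0.255
    60 deny   any
"""
ACE_RE = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(any|[\d.]+)(?:, wildcard bits ([\d.]+))?")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_aces(text):
    """Return sorted (seq, action, address, wildcard) tuples; 'any' is 0.0.0.0 255.255.255.255."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)  # header lines and prompts do not match and are skipped
        if m:
            seq, action, addr, wc = m.groups()
            if addr == "any":
                addr, wc = "0.0.0.0", "255.255.255.255"
            aces.append((int(seq), action, to_int(addr), to_int(wc or "0.0.0.0")))
    return sorted(aces)

def evaluate(aces, src):
    """First match wins: (seq, action) for a source IP, or (None, 'deny') for the implicit deny."""
    ip = to_int(src)
    for seq, action, addr, wc in aces:
        if (ip & ~wc) == (addr & ~wc):  # bits set in the wildcard mask are ignored
            return seq, action
    return None, "deny"

def seq_before_deny_any(aces):
    """Sequence number halfway between 'deny any' and the entry above it.
    Returns None when there is no gap; the list then has to be renumbered
    first (IOS: 'ip access-list resequence')."""
    for i, (seq, action, _addr, wc) in enumerate(aces):
        if action == "deny" and wc == 0xFFFFFFFF:
            prev = aces[i - 1][0] if i else 0
            mid = (prev + seq) // 2
            return mid if prev < mid < seq else None
    return None
```

For the listing above, `seq_before_deny_any` returns 55, the same number used in the session, while the same permit placed at sequence 70 is shadowed by `60 deny any` and never matches.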

Gold

Re: ACL

That's a named access-list... it just so happens you named it '99'.

Re: ACL

Hello Srue.

No, it isn't. If you look at how I configured it, I used 'access-list 99' and not 'ip access-list standard 99'.

You can try it yourself if you still need convincing. Also, a simple Google search shows pages which back up my configuration:

http://blog.internetworkexpert.com/2008/01/03/editing-numbered-access-lists-on-the-fly/

Simon
