Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
972
Views
0
Helpful
4
Replies

editing acl's

Go to solution
tolinrome tolinrome
Level 1
Level 1

‎01-03-2014 01:50 PM - edited ‎03-07-2019 05:22 PM

If I create an ACL on a Cisco router and apply it to an interface, then I edit the ACL, do I still have to apply it again to the interface? It's already applied so I'm not sure. Also do I have to always do the "permit any" after I add a rule int he ACL since it's already there from when I created it?            

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jose Jara
Level 3
Level 3

‎01-03-2014 02:06 PM

Hello,

You do not need to apply it again, just edit the ACL and that's all. The same for permit any, if there is an entry for this in the ACL you do not need to add it again.

Best Regards,

Jose.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jose Jara
Level 3
Level 3

‎01-03-2014 02:06 PM

Hello,

You do not need to apply it again, just edit the ACL and that's all. The same for permit any, if there is an entry for this in the ACL you do not need to add it again.

Best Regards,

Jose.

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎01-03-2014 02:07 PM

No, you won't need to reapply it. You can generally edit while it's in place. The permit any line at the end of the ACL is only needed for outbound traffic usually (depending on the circumstance). There's an implicit deny at the end of the acl and the permit any line overrides that.

The one problem that I see many times is when someone edits the acl thinking that it's going to insert itself into the existing acl - it doesn't unless you tell it to. By default, when you edit the acl, it's going to add it to the end of the line. If you have a "permit any" at the end, and you say you want to deny anyone going to host 1.1.1.1, the acl will look like this:

50 permit ip any any

60 deny ip any host 1.1.1.1

The host will never be denied because it hits line 50 first. To fix that, you have to add the line number before your acl:

45 deny ip any host 1.1.1.1

50 permit ip any any

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
tolinrome tolinrome
Level 1
Level 1
In response to John Blakley

‎01-03-2014 02:16 PM

yes, thats why I use sequencew numbers, but how then do you edit the sequence numbers, copy them into notepad, edit and then paste?

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to tolinrome tolinrome

‎01-04-2014 02:24 AM 

yes, thats why I use sequencew numbers, but how then do you edit the sequence numbers, copy them into notepad, edit and then paste?

You rember BASIC? 

Sequence numbers are similar.  you can say "no 45" and it means remove ACL line 45.  Of course you have to specify the ACL name before you can remove the line number.

You can also insert a line between the sequence. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card