editing acl's

If I create an ACL on a Cisco router and apply it to an interface, then I edit the ACL, do I still have to apply it again to the interface? It's already applied so I'm not sure. Also, do I always have to do the "permit any" after I add a rule in the ACL, since it's already there from when I created it?

Accepted Solutions
editing acl's

Hello,

You do not need to apply it again, just edit the ACL and that's all. The same for permit any, if there is an entry for this in the ACL you do not need to add it again.

Best Regards,

Jose.

4 REPLIES
editing acl's

No, you won't need to reapply it. You can generally edit while it's in place. The permit any line at the end of the ACL is only needed for outbound traffic usually (depending on the circumstance). There's an implicit deny at the end of the acl and the permit any line overrides that.

The one problem that I see many times is when someone edits the acl thinking that it's going to insert itself into the existing acl - it doesn't unless you tell it to. By default, when you edit the acl, it's going to add it to the end of the line. If you have a "permit any" at the end, and you say you want to deny anyone going to host 1.1.1.1, the acl will look like this:

50 permit ip any any

60 deny ip any host 1.1.1.1

The host will never be denied because it hits line 50 first. To fix that, you have to add the line number before your acl:

45 deny ip any host 1.1.1.1

50 permit ip any any

HTH,
John

*** Please rate all useful posts ***
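
Added example, not part of the thread: a small Python model of the first-match behavior John describes, run against the two orderings from his post, plus a check that flags entries hidden behind an earlier, broader entry. The simplified `<seq> permit|deny ip <src> <dst>` grammar and all function names are assumptions for illustration; this is not IOS code.

```python
import ipaddress

def _spec(tokens):
    """Consume one address spec; return ((addr, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    addr, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (addr, wild), tokens[2:]

def parse(text):
    """Parse '<seq> permit|deny ip <src> <dst>' lines, ordered by sequence number."""
    rules = []
    for line in text.strip().splitlines():
        seq, action, proto, *rest = line.split()
        src, rest = _spec(rest)
        dst, _ = _spec(rest)
        rules.append((int(seq), action, src, dst))
    return sorted(rules)

def _covers(a, b):
    """True if spec a matches every address that spec b matches."""
    (a_addr, a_wild), (b_addr, b_wild) = a, b
    care = ~a_wild & 0xFFFFFFFF  # bits that spec a actually compares
    return b_wild & care == 0 and (a_addr ^ b_addr) & care == 0

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s = (int(ipaddress.IPv4Address(src)), 0)
    d = (int(ipaddress.IPv4Address(dst)), 0)
    for seq, action, r_src, r_dst in rules:
        if _covers(r_src, s) and _covers(r_dst, d):
            return action, seq
    return "deny", None

def shadowed(rules):
    """Entries that can never match because an earlier entry covers them."""
    hits = []
    for i, (seq, _, src, dst) in enumerate(rules):
        for e_seq, _, e_src, e_dst in rules[:i]:
            if _covers(e_src, src) and _covers(e_dst, dst):
                hits.append((seq, e_seq))
                break
    return hits

# Constructed input: the two orderings from the post above.
APPENDED = "50 permit ip any any\n60 deny ip any host 1.1.1.1"
INSERTED = "45 deny ip any host 1.1.1.1\n50 permit ip any any"
```

Running `shadowed()` over an ACL before applying a change shows whether a newly appended deny is unreachable; here it reports entry 60 as hidden by entry 50 in the appended ordering and nothing in the inserted one.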


editing acl's

Yes, that's why I use sequence numbers, but how then do you edit the sequence numbers? Copy them into Notepad, edit and then paste?

editing acl's

Yes, that's why I use sequence numbers, but how then do you edit the sequence numbers? Copy them into Notepad, edit and then paste?

You remember BASIC?

Sequence numbers are similar. You can say "no 45" and it means remove ACL line 45. Of course you have to specify the ACL name before you can remove the line number.

You can also insert a line between the sequence. 
