FWSM access-list.

Hi experts.

I am using FWSM ver 3.2(5). I am facing problems regarding line numbers in access-lists. See, I entered the following:

FWSM(config)# access-list temp line 10 per ip host 10.0.0.1 host 20.0.0.1

FWSM(config)# access-list temp line 20 per ip host 10.0.0.1 host 20.0.0.2

FWSM(config)# access-list temp line 15 per ip host 10.0.0.1 host 20.0.0.15

Now when I do

FWSM# sh access-list temp
access-list temp; 3 elements
access-list temp line 1 extended permit ip host 10.0.0.1 host 20.0.0.1 (hitcnt=0) 0x49d4a46e
access-list temp line 2 extended permit ip host 10.0.0.1 host 20.0.0.2 (hitcnt=0) 0x8df5c3c1
access-list temp line 3 extended permit ip host 10.0.0.1 host 20.0.0.15 (hitcnt=0) 0x535d5620

Why is the access-list not taking my defined line numbers? I am currently managing a security access-list and we need to add/delete IPs on a quite frequent basis. Do I always have to copy the entire access-list to Notepad and make amendments there? Can someone help me out please?

2 REPLIES
Hall of Fame Super Blue

Re: FWSM access-list.

Jon

I'm not sure you can use specific line numbers, i.e. 10, 15, 20, when entering ACL lines, but no, you don't have to copy the entire access-list to Notepad.

From your example above, let's say you want to add a new line between 2 & 3:

access-list temp line 3 permit ip host 10.0.0.1 host 20.0.0.8

This should add the line as line 3, and the original line 3 should become line 4. The same applies if you delete a line: the access-list will renumber the remaining entries, so you can add to and delete from the existing ACL.

Jon

Hall of Fame Super Silver

Re: FWSM access-list.

Hello Jonn,

FWSM allows you to add a line in any position, for example 2; the existing line 2 will be moved to line 3 and so on.

You should be able to add or remove lines selectively. Just use show access-list to find out the current line numbering.

This is different from what happens on Cisco IOS routers, where using line x means changing line x to the new line.

Hope to help

Giuseppe
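Both replies describe the same insert-and-renumber behaviour. As an added example (not from this thread or from Cisco), the small Python model below reproduces those semantics so a change set can be dry-run before it is typed into the FWSM: "line N" inserts before the current line N and shifts later entries down, a line number past the end appends (which is why the poster's 10/20/15 became 1/2/3), and removing an entry renumbers the rest. Hit counts and the per-ACE hash printed by the real "show access-list" are not modelled.

```python
import re
from typing import Dict, List

# Constructed model of the FWSM ACL line-number semantics described in the thread.
CMD_RE = re.compile(
    r"^(?P<no>no\s+)?access-list\s+(?P<name>\S+)\s+"
    r"(?:line\s+(?P<line>\d+)\s+)?(?P<ace>.+)$"
)


def normalise(ace: str) -> str:
    """Expand the abbreviation used in the thread (per -> permit) and print the
    'extended' keyword the way 'show access-list' does."""
    words = ace.split()
    if words[0] == "extended":
        words.pop(0)
    if words[0].startswith("per"):
        words[0] = "permit"
    elif words[0].startswith("den"):
        words[0] = "deny"
    return " ".join(["extended"] + words)


class AclModel:
    def __init__(self) -> None:
        self.acls: Dict[str, List[str]] = {}

    def apply(self, command: str) -> None:
        m = CMD_RE.match(command.strip())
        if not m:
            raise ValueError(f"unrecognised command: {command!r}")
        entries = self.acls.setdefault(m["name"], [])
        ace = normalise(m["ace"])
        if m["no"]:
            if ace in entries:
                entries.remove(ace)  # everything after it is renumbered
            return
        # 'line N' inserts before current line N; beyond the end it appends.
        pos = len(entries) if m["line"] is None else min(int(m["line"]) - 1, len(entries))
        entries.insert(pos, ace)

    def show(self, name: str) -> List[str]:
        entries = self.acls.get(name, [])
        out = [f"access-list {name}; {len(entries)} elements"]
        out += [f"access-list {name} line {i} {ace}" for i, ace in enumerate(entries, 1)]
        return out


if __name__ == "__main__":
    acl = AclModel()
    for cmd in [
        "access-list temp line 10 per ip host 10.0.0.1 host 20.0.0.1",
        "access-list temp line 20 per ip host 10.0.0.1 host 20.0.0.2",
        "access-list temp line 15 per ip host 10.0.0.1 host 20.0.0.15",
        "access-list temp line 3 permit ip host 10.0.0.1 host 20.0.0.8",  # Jon's insert
    ]:
        acl.apply(cmd)
    print("\n".join(acl.show("temp")))
```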
