Re: named access list

carl_townshend · ‎08-25-2006

Hi all

I am told in a named access list you can delete but not insert entries, is this correct ? Also I have seen different numbers on the list like

50 permit x.x.x.x

60 permit x.x.x.x

70 permit x.x.x.x etc

what are these numbers for ?

cheers

ndarnell · ‎08-25-2006

No you can add entries to a named access-list

The numbers are line numbers so that you can insert entries anywhere in the access-list

EG If i wanted to add an entry into your above example but needed it to be looked at before that last entry i would enter the following in conf mode

ip access-list extended "name"

65 permit y.y.y.y

When you look at the access-list afterward you'd see

50 permit x.x.x.x

60 permit x.x.x.x

65 permit y.y.y.y

70 permit x.x.x.x etc

Hope this explains it.

Cheers

N

carl_townshend · ‎08-25-2006

thanks

can you use any numbers for this, also where do you put them when you configure them, i.e how would you type it in ?

glen.grant · ‎08-25-2006

You have to be in named ACL config mode to add the numbers and they would go just as you see them . I would do a search on named ACL's if you don't understand how to get into ACL config mode .

glen.grant · ‎08-29-2006

You only have the numbering option if your code is 12.2T and above , before that you could not number them though you could add and delete them .

ndarnell · ‎08-29-2006

Carl,

If you type "show ip access-list" this will list all access-lists and show the current line numbers.

You can also type "show ip access-list and then the number and this will list just that access-list with it's current line numbers.

HTH

Rgds

N

carl_townshend · ‎09-13-2006

does it show you the numbers if you do a show run, or do you need to type sh access-lists ?