Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2251
Views
0
Helpful
6
Replies

Line number in ACL's ?

srikanth ath
Level 4
Level 4

‎09-08-2011 10:48 PM - edited ‎03-07-2019 02:07 AM

Hi Guys

Can somone please explain the configuration below and Why and Whats the use of using a Line Number in the following command.

pixfirewall(config)#  access-list MYLIST permit ip any 150.80.0.0 255.255.0.0

pixfirewall(config)#  access-list MYLIST line 4 permit ip any host 10.1.1.1

pixfirewall(config)#  access-list MYLIST line 5 permit ip any host 10.1.1.2

Thanks & regards

Srikanth

Labels:
0 Helpful
6 Replies 6

Latchum Naidu
VIP Alumni
VIP Alumni

‎09-09-2011 12:15 AM

Hi Srikanth,

PIX::Accesslist::Line is used by PIX::Accesslist to hold a single line of an ACL. Each line can be searched against a set of IP & port criteria to find a match. Users will not usually have to create objects from this directly.


In 6.3(1), access-lists gain line numbers, and you can add new lines by referencing the line numbers. See the PIX reference manual for more information.

And you can use the "line"-feature btw: if you do a "sh run", you won't see the line-numbers...but if you do a "sh access-list" you will


If you want, however, to insert the new ACE at a particular location within the ACL, you can add the line number parameter to the ACE:

Please rate the helpful posts.
Regards,
Naidu.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni

‎09-09-2011 12:19 AM

Hi,

by default line number is 10 so if you omit this keyword the first ACE will be numbered 10 and following ones will be 10 apart each time.By putting this keyword you can insert an ACE in the ACL as ACLs are read top-down and first match stops reading further.

As long as the ACL is not applied to an interface it does nothing. In Pixes or ASAs the traffic from a high security level interface to a low security level interfaceis denied and so we must apply an ACL to this high level interface inbound to permit the traffic we want to traverse from high to low.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to cadet alain

‎09-09-2011 01:04 AM

Hi Srikanth,

And it is like say you have 10 ACL rules in a group, actually if you want to insert any rule it will be added to last and the rule check by PIX will top to botum.

So If you want to insert any rule in middle say 4 the line in that ACL group then you can mention "line 4" which will get the actual old ACL rulle in line 4 to next and the new ACL rule (which you add with "lin 4" will be in 4th line of that ACL group.

Please rate the helpful posts.
Regards,
Naidu.

0 Helpful

srikanth ath
Level 4
Level 4
In response to Latchum Naidu

‎09-09-2011 02:09 AM

HI guys

Thanks to cadet and Latchum, you guys really made us easy to understand the concept. thanks for the service By cadet as when ever i post any issue , he is defenitely there to help me out.

Regards

srikanth

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to srikanth ath

‎09-09-2011 02:23 AM

Hi,

Thanks srikanth, doing my best as all others here in this community to help others resolve problems.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to cadet alain

‎09-09-2011 02:30 AM

Thanks Srikanth for your appreciate comments.
And please do remember to rate the all helpfull posts which will encourage others throug out this program.


Please rate the helpful posts.
Regards,
Naidu.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card