New Member

Access List

Hi

We have an access list and it is over 100 commands. Can we have a simple way to remove one entry from it, or add one entry in between them (not at the end of the whole ACL)?

Thank you

2 Accepted Solutions
Hall of Fame Super Bronze

Re: Access List

Yes, you can use named ACLs instead of numbered ACLs.

Example:

Rack1R2#sh run | sec ip access
ip access-list extended anita
 permit ip any 192.168.1.0 0.0.0.255
 permit ip any 192.168.2.0 0.0.0.255
 permit ip any 192.168.3.0 0.0.0.255
 permit ip any 192.168.4.0 0.0.0.255

Now, let's say I want to add an entry between 192.168.3.0 and 192.168.4.0:

Rack1R2#show ip acces
Extended IP access list anita
    10 permit ip any 192.168.1.0 0.0.0.255
    20 permit ip any 192.168.2.0 0.0.0.255
    30 permit ip any 192.168.3.0 0.0.0.255
    40 permit ip any 192.168.4.0 0.0.0.255
Rack1R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R2(config)#ip access-list extended anita
Rack1R2(config-ext-nacl)#35 deny ip any 192.168.4.0 0.0.0.31
Rack1R2(config-ext-nacl)#do show ip acce
Extended IP access list anita
    10 permit ip any 192.168.1.0 0.0.0.255
    20 permit ip any 192.168.2.0 0.0.0.255
    30 permit ip any 192.168.3.0 0.0.0.255
    35 deny ip any 192.168.4.0 0.0.0.31
    40 permit ip any 192.168.4.0 0.0.0.255

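As an added example (not part of this thread, and not Cisco's code), here is a small Python model of the sequence-number insert shown in the answer above and of why the position matters: it parses the "show ip access-lists" output quoted there, inserts the "35 deny" entry, and applies first-match evaluation so you can see that the same deny appended at the end (sequence 50) would be shadowed by entry 40 and never fire. The show output, the packet addresses and the function names are constructed for the example; the "host" address form is not handled.

```python
import ipaddress

# Constructed sample: the named ACL from the answer above, as "show ip access-lists" prints it.
SHOW_OUTPUT = """Extended IP access list anita
    10 permit ip any 192.168.1.0 0.0.0.255
    20 permit ip any 192.168.2.0 0.0.0.255
    30 permit ip any 192.168.3.0 0.0.0.255
    40 permit ip any 192.168.4.0 0.0.0.255"""

def _addr(tokens, i):
    """Consume one IOS address spec, 'any' or 'ADDR WILDCARD' (the 'host' form is not handled)."""
    if tokens[i] == "any":
        return "any", i + 1
    return f"{tokens[i]} {tokens[i + 1]}", i + 2

def parse_acl(text):
    """Parse show output into [(seq, action, src, dst), ...] sorted by sequence number."""
    aces = []
    for line in text.splitlines()[1:]:          # skip the 'Extended IP access list ...' header
        t = line.split()                        # seq action proto src [wild] dst [wild]
        src, i = _addr(t, 3)
        dst, _ = _addr(t, i)
        aces.append((int(t[0]), t[1], src, dst))
    return sorted(aces)

def insert(aces, seq, action, src, dst):
    """Model of '<seq> <action> ip <src> <dst>' typed in ip access-list mode."""
    if any(a[0] == seq for a in aces):
        raise ValueError(f"sequence {seq} already in use")   # IOS refuses a duplicate too
    return sorted(aces + [(seq, action, src, dst)])

def wildcard_match(addr, spec):
    """IOS wildcard mask: a 1 bit in the mask means that bit is not compared."""
    if spec == "any":
        return True
    net, wild = spec.split()
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wild))
    return (a & ~w) == (n & ~w)

def evaluate(aces, src_ip, dst_ip):
    """First matching entry decides; the implicit deny at the end catches everything else."""
    for seq, action, src, dst in aces:
        if wildcard_match(src_ip, src) and wildcard_match(dst_ip, dst):
            return action, seq
    return "deny", None

acl = parse_acl(SHOW_OUTPUT)
inserted = insert(acl, 35, "deny", "any", "192.168.4.0 0.0.0.31")   # what the answer does
appended = insert(acl, 50, "deny", "any", "192.168.4.0 0.0.0.31")   # same rule left at the end
```

Call evaluate() on either list with a source and destination address: against "inserted" a packet to 192.168.4.5 hits the deny at 35, against "appended" it is permitted by entry 40 before the deny is ever reached.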
New Member

Re: Access List

Old school: work with an editor

Just edit some text file offline and then paste it into the session you have with the machine.

For example, if you have ACL 101, then the text would look like:

! clear the existing ACL 101
no access-list 101
! new ACL rules 101
access-list 101 permit x
access-list 101 permit y
access-list 101 deny z
...
!
END
!

If you're in config mode and transfer that, the existing ACL is cleared and instantly filled with the new rules. Plus, it's more convenient to do cut, copy and paste in an external editor compared to even named ACLs, so you have a better view of what you're doing.

Just my two cents ;)

Beware:

Extended IP ACL: access-list [nr] ....

Named IP ACL: ip access-list extended [name]

It's easy to forget the "ip" when you're too familiar with the "numbered ACL" version ;)