
How to configure an access-list between lines?

rechard_hk
Level 1

Dear All,

I would like to ask how to configure an access-list entry between line 1 and line 2. Let me show the details below:

I have the access-list below, and I want to add one access-list entry between 192.168.1.0 and 192.168.2.0.

Which command can we use to do this?

ip access-list extended ACL_Coreswitch
deny   ip any 192.168.52.0 0.0.0.255
permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255

##########
permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
deny   ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
deny   ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip any any

I mean this:

ip access-list extended ACL_Coreswitch
  deny   ip any 192.168.52.0 0.0.0.255
  permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255

-------

permit ip 192.168.27.0 0.0.0.255 192.168.90.0 0.0.0.255


--------

permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
deny   ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
deny   ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip any any

Best Regards,

Rechard

Accepted Solutions

Jerry Ye
Cisco Employee

My first question is what is the IOS version?

You can look at the sequence number of the ACL and then modify it accordingly. Here is the example I did in my lab with your config:

Rack1R1#sh ip access-list
Extended IP access list ACL_Coreswitch
    10 deny ip any 192.168.52.0 0.0.0.255
    20 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
    30 permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
    40 deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
    50 deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
    60 permit ip any any

Rack1R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R1(config)#ip access-list ex ACL_Coreswitch
Rack1R1(config-ext-nacl)#25 perm ip 100.100.100.0 0.0.0.255 100.100.100.0 0.0.0.255   
Rack1R1(config-ext-nacl)#exit

Rack1R1#sh ip access-list
Extended IP access list ACL_Coreswitch
    10 deny ip any 192.168.52.0 0.0.0.255
    20 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
    25 permit ip 100.100.100.0 0.0.0.255 100.100.100.0 0.0.0.255
    30 permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
    40 deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
    50 deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
    60 permit ip any any

I believe you can do this after IOS 12.2(14)S, 12.2(15)T, 12.2(33)SRA, 12.2SX.

HTH,

jerry
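
An added example, not part of the original posts: a Python sketch that parses the `show ip access-list` output above, picks a free sequence number between two entries (returning `None` when they are adjacent and nothing fits), and evaluates a packet with first-match semantics to confirm which line it hits. The function names are hypothetical, and it assumes `ip` entries that use `any` or contiguous wildcard masks only.

```python
import ipaddress
import re

# Constructed sample: the ACL as displayed in the answer above, before the insert.
SHOW_OUTPUT = """\
Extended IP access list ACL_Coreswitch
    10 deny ip any 192.168.52.0 0.0.0.255
    20 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
    30 permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
    40 deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
    50 deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
    60 permit ip any any
"""

def _net(tokens):
    """Consume 'any' or 'address wildcard' from tokens and return an IPv4Network."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = tokens.pop(0), tokens.pop(0)
    return ipaddress.ip_network(f"{addr}/{wildcard}")  # host-mask form is accepted

def parse_acl(text):
    """Return [(seq, action, src, dst)] sorted by sequence number."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(permit|deny)\s+ip\s+(.+)", line)
        if m:
            tokens = m.group(3).split()
            entries.append((int(m.group(1)), m.group(2), _net(tokens), _net(tokens)))
    return sorted(entries, key=lambda e: e[0])

def free_sequence(entries, after_seq):
    """Midpoint between entry after_seq and the next one; None if they are adjacent."""
    seqs = [e[0] for e in entries]
    i = seqs.index(after_seq)
    nxt = seqs[i + 1] if i + 1 < len(seqs) else after_seq + 20  # assumed step at the end
    mid = (after_seq + nxt) // 2
    return mid if mid > after_seq else None

def first_match(entries, src_ip, dst_ip):
    """(seq, action) of the first matching entry; implicit deny when nothing matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for seq, action, src, dst in entries:
        if s in src and d in dst:
            return seq, action
    return None, "deny"
```

When `free_sequence` returns `None`, the IOS command `ip access-list resequence` can renumber the list to reopen gaps before inserting.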
