New Member

how to configure Access-list between line ?

Dear All,

I would like to ask how to configure an access-list between line 1 and line 2. Let me show the details below:

I have the access-list below and I want to add one access-list between 192.168.1.0 and 192.168.2.0.

Which command can we use to do this?

ip access-list extended ACL_Coreswitch
deny   ip any 192.168.52.0 0.0.0.255
permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255

##########
permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
deny   ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
deny   ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip any any

I mean this:

ip access-list extended ACL_Coreswitch
  deny   ip any 192.168.52.0 0.0.0.255
  permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255

-------

permit ip 192.168.27.0 0.0.0.255 192.168.90.0 0.0.0.255


--------

permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
deny   ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
deny   ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip any any

Best Regards,

Rechard

Accepted Solutions
Cisco Employee

Re: how to configure Access-list between line ?

My first question is what is the IOS version?

You can look at the sequence number of the ACL and then modify it accordingly. Here is the example I did in my lab with your config:

Rack1R1#sh ip access-list
Extended IP access list ACL_Coreswitch
    10 deny ip any 192.168.52.0 0.0.0.255
    20 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
    30 permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
    40 deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
    50 deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
    60 permit ip any any

Rack1R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R1(config)#ip access-list ex ACL_Coreswitch
Rack1R1(config-ext-nacl)#25 perm ip 100.100.100.0 0.0.0.255 100.100.100.0 0.0.0.255   
Rack1R1(config-ext-nacl)#exit

Rack1R1#sh ip access-list
Extended IP access list ACL_Coreswitch
    10 deny ip any 192.168.52.0 0.0.0.255
    20 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
    25 permit ip 100.100.100.0 0.0.0.255 100.100.100.0 0.0.0.255
    30 permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
    40 deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
    50 deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
    60 permit ip any any

I believe you can do this after IOS 12.2(14)S, 12.2(15)T, 12.2(33)SRA, 12.2SX.

HTH,

jerry
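
As an added example (not part of the original posts and not Cisco code), this Python sketch parses `sh ip access-list` output like the one in the answer and builds the global-configuration commands that insert an entry after a given line, falling back to `ip access-list resequence` when the neighbouring sequence numbers leave no gap. The function names and sample text are constructed for illustration; the inserted entry is the 192.168.90.0 line from the question.

```python
import re

# Constructed sample: the "sh ip access-list" output shown in the answer above.
SHOW_OUTPUT = """\
Extended IP access list ACL_Coreswitch
    10 deny ip any 192.168.52.0 0.0.0.255
    20 permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255
    30 permit ip 192.168.27.0 0.0.0.255 192.168.2.0 0.0.0.255
    40 deny ip 192.168.27.0 0.0.0.255 192.168.3.0 0.0.0.255
    50 deny ip 192.168.27.0 0.0.0.255 192.168.5.0 0.0.0.255
    60 permit ip any any
"""

HEADER = re.compile(r"^Extended IP access list (\S+)")
# Sequence number, then the entry; a trailing "(N matches)" hit counter is dropped.
ENTRY = re.compile(r"^\s+(\d+)\s+((?:permit|deny)\b.*?)(?:\s+\(\d+ match(?:es)?\))?\s*$")

def parse_acl(show_output):
    """Return (acl_name, [(sequence, entry_text), ...]) in list order."""
    name, entries = None, []
    for line in show_output.splitlines():
        if (m := HEADER.match(line)):
            name = m.group(1)
        elif (m := ENTRY.match(line)):
            entries.append((int(m.group(1)), m.group(2)))
    return name, entries

def insert_commands(show_output, after_text, new_entry):
    """Commands that place new_entry directly after the entry after_text."""
    name, entries = parse_acl(show_output)
    texts = [text for _, text in entries]
    if after_text not in texts:
        raise ValueError("anchor entry not found in ACL")
    idx = texts.index(after_text)
    low = entries[idx][0]
    high = entries[idx + 1][0] if idx + 1 < len(entries) else low + 20
    cmds = []
    if high - low < 2:
        # No free number between the neighbours: renumber to 10, 20, 30, ...
        cmds.append(f"ip access-list resequence {name} 10 10")
        low, high = 10 * (idx + 1), 10 * (idx + 2)
    cmds.append(f"ip access-list extended {name}")
    cmds.append(f" {(low + high) // 2} {new_entry}")
    return cmds

if __name__ == "__main__":
    anchor = "permit ip 192.168.27.0 0.0.0.255 192.168.1.0 0.0.0.255"
    wanted = "permit ip 192.168.27.0 0.0.0.255 192.168.90.0 0.0.0.255"
    print("\n".join(insert_commands(SHOW_OUTPUT, anchor, wanted)))
```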
