
Cisco IOS Cookbook, 2nd Edition by Ian Brown, Kevin Dooley

Advanced Access-List Editing

Problem

You want to edit an existing ACL directly on the router itself.

Solution

You can insert a single entry into an existing ACL by specifying a sequence number, as follows:

Router2#configure terminal          
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list extended OREILLY        
Router2(config-ext-nacl)#12 permit tcp any host 172.25.100.100 eq 20
Router2(config-ext-nacl)#end
Router2#

The following commands show how to tell the router to automatically readjust the sequence numbers:

Router2#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list resequence OREILLY 10 10
Router2(config)#end
Router2#

You can remove an individual entry from an existing ACL by using the keyword no followed by the sequence number of the line you wish to delete:

Router2#configure terminal          
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list extended OREILLY           
Router2(config-ext-nacl)#no 60
Router2(config-ext-nacl)#end
Router2#
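
The three edits above, replayed against a small Python model of sequence-numbered ACL entries. This is an added example, not code from the book or from Cisco; the SequencedAcl class, its method names and the six starting entries (on 192.0.2.10) are constructed for illustration. It shows that resequencing changes which entry a given number refers to, so a later "no 60" removes a different line than it would have before the resequence.

```python
class SequencedAcl:
    """Simplified model of an IOS named ACL with entry sequence numbers."""

    def __init__(self, rules, start=10, step=10):
        # IOS numbers entries 10, 20, 30, ... by default.
        self.entries = {start + i * step: r for i, r in enumerate(rules)}

    def insert(self, seq, rule):
        """Model of '<seq> permit ...' typed in ACL configuration mode."""
        if seq in self.entries:
            # A number identifies exactly one entry, so reuse is rejected here.
            raise ValueError(f"duplicate sequence number {seq}")
        self.entries[seq] = rule

    def delete(self, seq):
        """Model of 'no <seq>': one entry goes, the rest keep their numbers."""
        if seq not in self.entries:
            raise KeyError(f"no entry with sequence number {seq}")
        del self.entries[seq]

    def resequence(self, start=10, step=10):
        """Model of 'ip access-list resequence NAME <start> <step>'."""
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + i * step: r for i, r in enumerate(ordered)}

    def show(self):
        """Entries as (sequence, rule) pairs in evaluation order."""
        return [(s, self.entries[s]) for s in sorted(self.entries)]


def replay_recipe():
    """Apply the recipe's insert, resequence and delete in that order."""
    acl = SequencedAcl([  # constructed sample entries, not the book's ACL
        "permit tcp any host 192.0.2.10 eq 21",
        "permit tcp any host 192.0.2.10 eq 80",
        "permit tcp any host 192.0.2.10 eq 443",
        "permit udp any host 192.0.2.10 eq 53",
        "permit icmp any host 192.0.2.10",
        "deny ip any any",
    ])
    acl.insert(12, "permit tcp any host 172.25.100.100 eq 20")
    at_60_before = acl.entries[60]   # what 'no 60' would remove now
    acl.resequence(10, 10)
    at_60_after = acl.entries[60]    # what 'no 60' removes after renumbering
    acl.delete(60)
    return acl, at_60_before, at_60_after


if __name__ == "__main__":
    acl, before, after = replay_recipe()
    print("entry 60 before resequence:", before)
    print("entry 60 after resequence: ", after)
    for seq, rule in acl.show():
        print(f"    {seq} {rule}")
```

On a real router, run show ip access-lists again after a resequence and before deleting by number, so the number you type matches the entry you mean to remove.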

Discussion

Beginning with IOS Version 12.3(2)T, Cisco introduced the ability to edit ACLs using ACL entry sequence numbering. By default, the router will automatically add a sequence number to each ACL entry starting with 10, using increments of 10. The following is the sample ACL. Notice the sequence numbers on the far left of each line:

Router2#show ip access-lists OREILLY
Extended IP access list OREILLY
    10 permit tcp any host 172.25.100.100 ...
