Advanced Access-List Editing
Problem
You want to edit an existing ACL directly on the router itself.
Solution
You can insert a single entry into an existing ACL by specifying a sequence number, as follows:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list extended OREILLY
Router2(config-ext-nacl)#12 permit tcp any host 172.25.100.100 eq 20
Router2(config-ext-nacl)#end
Router2#
The following commands show how to tell the router to automatically readjust the sequence numbers:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list resequence OREILLY 10 10
Router2(config)#end
Router2#
And you can remove an individual entry from an existing ACL by just using the keyword no and the sequence number of the line you wish to delete:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip access-list extended OREILLY
Router2(config-ext-nacl)#no 60
Router2(config-ext-nacl)#end
Router2#
Discussion
Beginning with IOS Version 12.3(2)T, Cisco introduced the ability to edit ACLs using ACL entry sequence numbering. By default, the router automatically assigns a sequence number to each ACL entry, starting at 10 and incrementing by 10. The following is a sample ACL. Notice the sequence numbers on the far left of each line:
Router2#show ip access-lists
Extended IP access list OREILLY
    10 permit tcp any host 172.25.100.100 ...
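A small model of the three edits above (insert by sequence number, remove by sequence number, resequence), run over captured show ip access-lists output, is a convenient way to preview where a change will land before typing it on a production router. This is an added example, not from the book; the sample ACL text below is constructed, and only the sequence-10 entry comes from the page.

```python
import re
from typing import Dict

# Constructed sample 'show ip access-lists' output; only sequence 10 appears on the page.
SAMPLE_ACL = """Extended IP access list OREILLY
    10 permit tcp any host 172.25.100.100 eq www (42 matches)
    20 permit tcp any host 172.25.100.100 eq 21
    60 permit udp any host 172.25.100.100 eq 53
    70 deny ip any any
"""

# Sequence number, action, rest of the entry; an optional "(N matches)" counter is dropped.
ACE_RE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\(\d+ matches\))?\s*$")

def parse_acl(text: str) -> Dict[int, str]:
    """Return {sequence: 'permit|deny ...'} for one ACL, ordered by sequence number."""
    entries = {}
    for line in text.splitlines():          # the header line has no sequence number and is skipped
        m = ACE_RE.match(line)
        if m:
            entries[int(m.group(1))] = f"{m.group(2)} {m.group(3)}"
    return dict(sorted(entries.items()))

def insert_entry(acl: Dict[int, str], seq: int, entry: str) -> Dict[int, str]:
    """Model 'Router(config-ext-nacl)#<seq> <entry>'; IOS rejects a sequence number already in use."""
    if seq in acl:
        raise ValueError(f"sequence {seq} already exists in this ACL")
    return dict(sorted({**acl, seq: entry}.items()))

def remove_entry(acl: Dict[int, str], seq: int) -> Dict[int, str]:
    """Model 'Router(config-ext-nacl)#no <seq>'."""
    if seq not in acl:
        raise KeyError(f"no entry with sequence {seq}")
    return {k: v for k, v in acl.items() if k != seq}

def resequence(acl: Dict[int, str], start: int = 10, step: int = 10) -> Dict[int, str]:
    """Model 'ip access-list resequence NAME <start> <step>': renumber, preserving order."""
    return {start + i * step: e for i, e in enumerate(acl.values())}

def apply_recipe(text: str = SAMPLE_ACL) -> Dict[int, str]:
    """Run the page's edits on the sample: insert at 12, remove 60, then resequence 10 10."""
    acl = parse_acl(text)
    acl = insert_entry(acl, 12, "permit tcp any host 172.25.100.100 eq 20")
    acl = remove_entry(acl, 60)             # remove before resequencing: resequence renumbers 60
    return resequence(acl, 10, 10)
```

The order of the last two steps matters: once the list has been resequenced, the sequence numbers you noted from an earlier show ip access-lists no longer point at the same entries.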