Cisco ACL order modification

Source: Internet
Author: User

In the past, changing the order of entries in a Cisco access control list (ACL) was awkward. You could only add a new entry to the bottom of the list; it was impossible to add an entry at a specified position. To place an entry at a specific location in an existing ACL, you had to copy the whole list to Notepad, modify it there, delete the existing ACL, and recreate it from the modified text.

Cisco changed all of this by introducing sequence numbers. This function is provided from the network operating system (IOS) 12.2 (14. Using sequence numbers, you can add an entry at the desired location, delete the entry at a chosen location, and renumber the list. This makes managing access control lists much more convenient.

Many of you will already be familiar with sequence-number editing in ACLs. If not, the example below shows how simple the operation is. In this example, we open an existing ACL, add an entry to it, resequence the list, and then delete an entry, all in the same command-line session. I use a simple extended ACL here, but the operation also applies to other types of access control lists.

The following shows the relevant part of the show run output:

    interface Ethernet0/0
     ip access-group MYTESTACL in
    ip access-list extended MYTESTACL
     permit ip 10.10.10.0 0.0.0.255 any
     permit icmp 10.10.10.0 0.0.0.255 any
     deny ip 10.10.20.0 0.0.0.255 any
     permit tcp 10.10.30.0 0.0.0.255 host 192.168.87.65 eq www

As you can see, sequence numbers are not displayed in the router's running configuration. To see them, run the show access-list command:

    Router# sh access-list
    Extended IP access list MYTESTACL
        10 permit ip 10.10.10.0 0.0.0.255 any
        20 permit icmp 10.10.10.0 0.0.0.255 any
        30 deny ip 10.10.20.0 0.0.0.255 any
        40 permit tcp 10.10.30.0 0.0.0.255 host 192.168.87.65 eq www

With this information, we can insert a new entry at the desired location without interrupting the operation of the existing ACL. In this example, we insert a new permit statement at sequence number 25. Because the list is evaluated from the top and the first matching entry wins, this places the new permit ahead of the deny at 30. Note that the first part of the statement is the new sequence number.

    Router# conf t
    Router(config)# ip access-list extended MYTESTACL
    Router(config-ext-nacl)# 25 permit tcp host 10.10.20.5 host 192.168.87.65 eq www

Below is the result after the change:

    Router# sh access-list
    Extended IP access list MYTESTACL
        10 permit ip 10.10.10.0 0.0.0.255 any
        20 permit icmp 10.10.10.0 0.0.0.255 any
        25 permit tcp host 10.10.20.5 host 192.168.87.65 eq www   (** note new line)
        30 deny ip 10.10.20.0 0.0.0.255 any
        40 permit tcp 10.10.30.0 0.0.0.255 host 192.168.87.65 eq www

Now we resequence the modified ACL. The whole list is renumbered using the starting sequence number and the increment I selected (100 and 20 here):

    Router(config)# ip access-list resequence MYTESTACL 100 20

The result, as displayed by the show access-list command:

    Router# sh access-lists
    Extended IP access list MYTESTACL
        100 permit ip 10.10.10.0 0.0.0.255 any
        120 permit icmp 10.10.10.0 0.0.0.255 any
        140 permit tcp host 10.10.20.5 host 192.168.87.65 eq www
        160 deny ip 10.10.20.0 0.0.0.255 any
        180 permit tcp 10.10.30.0 0.0.0.255 host 192.168.87.65 eq www

At the end of the example, we delete a single entry from the ACL instead of deleting the entire list:

    Router# conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)# ip access-list extended MYTESTACL
    Router(config-ext-nacl)# no 120 permit icmp 10.10.10.0 0.0.0.255 any   (** note the sequence number)

    Router# sh access-list MYTESTACL
    Extended IP access list MYTESTACL
        100 permit ip 10.10.10.0 0.0.0.255 any
        140 permit tcp host 10.10.20.5 host 192.168.87.65 eq www
        160 deny ip 10.10.20.0 0.0.0.255 any
        180 permit tcp 10.10.30.0 0.0.0.255 host 192.168.87.65 eq www

Note that you do not have to resequence the access control list every time.
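Why the position of an entry matters, as an added example that is not part of the original article: a small Python model of MYTESTACL that replays the insert at 25, the resequence to 100/20 and the removal of entry 120, and reports which entry a packet from 10.10.20.5 hits at each stage. The function names are hypothetical, the sample output is constructed from the listing above, and the model assumes contiguous wildcard masks and handles only the `eq www` port match.

```python
import ipaddress, re

# Constructed sample: `show access-list` output for the article's MYTESTACL.
SHOW_ACL = """\
Extended IP access list MYTESTACL
    10 permit ip 10.10.10.0 0.0.0.255 any
    20 permit icmp 10.10.10.0 0.0.0.255 any
    30 deny ip 10.10.20.0 0.0.0.255 any
    40 permit tcp 10.10.30.0 0.0.0.255 host 192.168.87.65 eq www
"""

def parse(text):
    """Return {sequence number: entry text} from `show access-list` output."""
    return {int(m[1]): m[2].strip() for m in re.finditer(r"^\s+(\d+)\s+(.+)$", text, re.M)}

def resequence(acl, start, step):
    """Model `ip access-list resequence NAME start step`: order kept, numbers reassigned."""
    return {start + i * step: acl[s] for i, s in enumerate(sorted(acl))}

def _addr(tok):
    """Consume `any`, `host A` or `A WILDCARD`; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    addr, mask = (tok[1], "32") if tok[0] == "host" else (tok[0], tok[1])
    return ipaddress.ip_network(f"{addr}/{mask}"), tok[2:]  # wildcard parsed as hostmask

def first_match(acl, proto, src, dst, dport=None):
    """Evaluate entries in sequence order; return (seq, action) of the first match."""
    for seq in sorted(acl):
        action, rproto, *tok = acl[seq].split()
        snet, tok = _addr(tok)
        dnet, tok = _addr(tok)
        if (rproto not in ("ip", proto) or ipaddress.ip_address(src) not in snet
                or ipaddress.ip_address(dst) not in dnet):
            continue
        if tok[:2] == ["eq", "www"] and dport != 80:  # only `eq www` is modelled
            continue
        return seq, action
    return None, "deny"  # implicit deny at the end of every ACL

def demo():
    """Replay the article's edits and track the verdict for one packet."""
    acl, pkt = parse(SHOW_ACL), ("tcp", "10.10.20.5", "192.168.87.65", 80)
    before = first_match(acl, *pkt)   # caught by the deny at 30
    acl[25] = "permit tcp host 10.10.20.5 host 192.168.87.65 eq www"
    after = first_match(acl, *pkt)    # new permit at 25 is reached first
    acl = resequence(acl, 100, 20)
    del acl[120]                      # models `no 120 ...`
    return before, after, first_match(acl, *pkt), sorted(acl)
```

Running the same packet through the list before and after an edit is a quick way to confirm that an inserted entry lands ahead of the deny it is meant to override, and that resequencing changes numbers but not verdicts.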
