[c-nsp] How to add new rule in the same access-list
Brett Looney
brett at looney.id.au
Wed Feb 4 22:13:58 EST 2009
> I have old rule in the switch but don't know how to add new rule
> in the same access-list
> When I add new deny rule, it will be put at the end of the access-list
> If I remove the access-list 140, I have to re-type all lines again.
Start using named access lists:
# show access-list
Extended IP access list BrettTest
10 deny ip host 192.168.101.88 any
20 permit tcp host 192.168.17.231 any eq domain
30 permit udp host 192.168.17.231 any eq domain
40 permit tcp host 192.168.17.231 any eq www
<and so on>
Then, you can insert/delete lines:
(config)#ip access-list extended BrettTest
(config-ext-nacl)#no 20
(config-ext-nacl)#35 permit tcp host 192.168.17.230 any eq www
Easy. You can also renumber access lists using "ip access-list resequence
BrettTest 10 10".
About the only thing you can't do is insert a remark into the access list -
that'd be a nice feature to have.
B.
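The original question was about a deny rule landing at the end of the list. The following is an added example, not part of the original post and not Cisco code: a small Python model of sequence-numbered entries showing why position matters under first-match evaluation, and what deleting, inserting and resequencing do. The Acl class, the source-only matching, the fixed append step of 10 and all rule values are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network


class Acl:
    """Toy model of a sequence-numbered ACL (matches on source address only)."""

    def __init__(self):
        self.entries = {}  # sequence number -> (action, source network)

    def add(self, action, src, seq=None):
        # With no sequence number the entry goes after the current last one,
        # which is the behaviour the original poster ran into.
        if seq is None:
            seq = max(self.entries, default=0) + 10
        if seq in self.entries:
            raise ValueError(f"sequence {seq} already in use")
        self.entries[seq] = (action, ip_network(src))

    def remove(self, seq):
        del self.entries[seq]

    def resequence(self, start=10, step=10):
        # Keep the order, hand out fresh evenly spaced numbers.
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + i * step: e for i, e in enumerate(ordered)}

    def match(self, src):
        # First matching entry wins; nothing matching means implicit deny.
        for seq in sorted(self.entries):
            action, net = self.entries[seq]
            if ip_address(src) in net:
                return action, seq
        return "deny", None


def demo():
    acl = Acl()
    acl.add("permit", "192.168.17.0/24")       # becomes 10 (constructed rule)
    acl.add("permit", "192.168.101.0/24")      # becomes 20 (constructed rule)
    acl.add("deny", "192.168.101.88/32")       # appended as 30, shadowed by 20
    appended = acl.match("192.168.101.88")
    acl.remove(30)                             # like "no 30"
    acl.add("deny", "192.168.101.88/32", 15)   # like "15 deny ..."
    inserted = acl.match("192.168.101.88")
    acl.resequence(10, 10)                     # like "resequence ... 10 10"
    return appended, inserted, sorted(acl.entries), acl.match("192.168.101.88")


if __name__ == "__main__":
    print(demo())
```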