[c-nsp] How to add new rule in the same access-list

Tony Varriale tvarriale at comcast.net
Thu Feb 5 00:48:59 EST 2009


conf t
ip access-list ext 140

But, based on your output, I'd guess your IOS doesn't support sequenceable 
ACLs.

What code are you running?

tv
----- Original Message ----- 
From: "Deric Kwok" <deric.kwok2000 at gmail.com>
To: <cisco-nsp at puck.nether.net>
Sent: Wednesday, February 04, 2009 8:26 PM
Subject: [c-nsp] How to add new rule in the same access-list


> Hi
>
> I have an old rule in the switch but don't know how to add a new rule in the
> same access-list
>
> When I add a new deny rule, it will be put at the end of the access-list
>
> If I remove the access-list 140, I have to re-type all lines again.
>
> Please help.
>
> Thank you
>
>
>
> switch#sh access-list 140
> Extended IP access list 140
>    deny udp any host 192.168.1.118 eq ntp log (4 matches)
>    permit udp host 192.168.1.114 host 192.168.1.118 eq snmp log
>    deny udp any host 192.168.1.118 eq snmp log
>    permit ip any any (49 matches)
>
> switch#config t
> Enter configuration commands, one per line.  End with CNTL/Z.
> switch(config)#access-list 140 deny tcp any host 192.168.1.118 eq 123 log
>
>
>
> switch#sh ip access-lists 140
> Extended IP access list 140
>    deny udp any host 192.168.1.118 eq ntp log (6 matches)
>    permit udp host 192.168.1.114 host 192.168.1.118 eq snmp log (35 matches)
>    deny udp any host 192.168.1.118 eq snmp log
>    permit ip any any (174 matches)
>    deny tcp any host 192.168.1.118 eq 123 log
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/ 
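
An added example, not part of the original thread and not Cisco tooling: a Python check that reads the ACL output quoted above and flags entries that can never match because an earlier entry already matches the same traffic (IOS evaluates entries top-down, first match wins). It handles only the syntax that appears in this thread (`any`, `host A.B.C.D`, `eq PORT`); the function names are illustrative.

```python
import re

# Port keywords IOS prints in place of numbers (only those seen in this thread).
PORT_NAMES = {"ntp": "123", "snmp": "161"}
# Constructed input: entries from the final "sh ip access-lists 140" output above.
ACL_140 = """\
deny udp any host 192.168.1.118 eq ntp log (6 matches)
permit udp host 192.168.1.114 host 192.168.1.118 eq snmp log (35 matches)
deny udp any host 192.168.1.118 eq snmp log
permit ip any any (174 matches)
deny tcp any host 192.168.1.118 eq 123 log
"""

def parse_entry(line):
    """Parse one entry; wildcard masks and port ranges are not supported."""
    tok = re.sub(r"\(\d+ match(es)?\)", "", line).split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    addrs = []
    while len(addrs) < 2:  # source first, then destination
        if rest[0] == "any":
            addrs.append("any")
            rest = rest[1:]
        elif rest[0] == "host":
            addrs.append(rest[1])
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported address syntax: {line!r}")
    port = PORT_NAMES.get(rest[1], rest[1]) if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": addrs[0],
            "dst": addrs[1], "port": port}

def covers(a, b):
    """True if every packet matched by entry b is also matched by entry a."""
    return (a["proto"] in ("ip", b["proto"])
            and a["src"] in ("any", b["src"])
            and a["dst"] in ("any", b["dst"])
            and a["port"] in (None, b["port"]))

def find_shadowed(acl_text):
    """Return (entry, shadowed_by, action_conflicts) tuples, 1-based positions."""
    entries = [parse_entry(l) for l in acl_text.splitlines() if l.strip()]
    hits = []
    for i, later in enumerate(entries):
        for j, earlier in enumerate(entries[:i]):
            if covers(earlier, later):
                hits.append((i + 1, j + 1, later["action"] != earlier["action"]))
                break  # the first covering entry is the one that wins
    return hits
```

On the thread's output this reports entry 5 (`deny tcp any host 192.168.1.118 eq 123 log`) as shadowed by entry 4 (`permit ip any any`) with conflicting actions, so the appended deny never takes effect.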


