[c-nsp] How to add new rule in the same access-list
Tony Varriale
tvarriale at comcast.net
Thu Feb 5 00:48:59 EST 2009
conf t
ip access-list ext 140
But, based on your output, I'd guess your IOS doesn't support sequenceable
ACLs.
What code are you running?
tv
----- Original Message -----
From: "Deric Kwok" <deric.kwok2000 at gmail.com>
To: <cisco-nsp at puck.nether.net>
Sent: Wednesday, February 04, 2009 8:26 PM
Subject: [c-nsp] How to add new rule in the same access-list
> Hi
>
> I have old rule in the switch but don't know how to add new rule in the
> same
> access-list
>
> When I add new deny rule, it will be put at the end of the access-list
>
> If I remove the access-list 140, I have to re-type all lines again.
>
> Please help.
>
> Thank you
>
>
>
> switch#sh access-list 140
> Extended IP access list 140
> deny udp any host 192.168.1.118 eq ntp log (4 matches)
> permit udp host 192.168.1.114 host 192.168.1.118 eq snmp log
> deny udp any host 192.168.1.118 eq snmp log
> permit ip any any (49 matches)
>
> switch#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> switch(config)#access-list 140 deny tcp any host 192.168.1.118 eq 123 log
>
>
>
> switch#sh ip access-lists 140
> Extended IP access list 140
> deny udp any host 192.168.1.118 eq ntp log (6 matches)
> permit udp host 192.168.1.114 host 192.168.1.118 eq snmp log (35
> matches)
> deny udp any host 192.168.1.118 eq snmp log
> permit ip any any (174 matches)
> deny tcp any host 192.168.1.118 eq 123 log
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list