[c-nsp] How to add new rule in the same access-list
Garry
gkg at gmx.de
Thu Feb 5 06:59:30 EST 2009
Seth Mattinen wrote:
> Deric Kwok wrote:
>
>> Hi
>>
>> I have old rule in the switch but don't know how to add new rule in the same
>> access-list
>>
>> When I add new deny rule, it will be put at the end of the access-list
>>
>> If I remove the access-list 140, I have to re-type all lines again.
>>
>>
>
> That's correct. You need to remove and recreate it in the correct order
> lacking sequences.
>
Not necessarily, you can always do a "show access-list 140", you'll get
a numbered list of rules. Then you can delete single lines by doing
something like this:
    conf t
    ip access-list extended 140
     no 30            <-- if the line you want to get rid of is #30
     30 permit ...    <-- of course you can add a new #30
     31 permit ...    <-- or insert additional lines ...
     32 deny ...      <-- ditto
AFAIK, the numbering stays constant until the next router reload
...then, it is "renumbered" internally to use the 10-20-30... distance
for every line ... (if anybody knows a way to renumber w/o rebooting,
please let me know)
-garry
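
Added example, not part of the original post: inserting a deny ahead of an existing permit by sequence number, then renumbering the list with "ip access-list resequence" without a reload. The addresses and rules are constructed, and it assumes an IOS release that supports ACL sequence numbers and the resequence command.

```cisco
! Constructed sample: state before the change, as "show access-lists 140"
! would list it
!   Extended IP access list 140
!       10 permit tcp any host 192.0.2.10 eq www
!       20 permit ip any any
!
! ACL entries are evaluated top-down and the first match wins, so a deny
! appended after entry 20 would never be reached. Give the new entry a
! sequence number that places it between 10 and 20.
configure terminal
 ip access-list extended 140
  15 deny ip host 198.51.100.7 any
  exit
 ! Renumber all entries of list 140: start at 10, increment by 10.
 ! This is a global configuration command, not an ACL sub-mode command.
 ip access-list resequence 140 10 10
 end
!
! Check the resulting order and numbering before relying on it
show access-lists 140
```

Sequence numbers are not written to the saved configuration, which is why the list comes back with default spacing after a reload.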