[c-nsp] How to add new rule in the same access-list

Dmitry Valdov dv at dv.ru
Thu Feb 5 07:18:50 EST 2009


Hello,

On Thu, 5 Feb 2009, E. Versaevel wrote:

> Cisco has 2 kinds of access-lists, the 'old' numbered access-lists
>
> access-list 100 permit ip 192.168.0.0 0.0.0.255 any
> access-list 100 deny ip any any
>
> These cannot be edited other than by deleting them and recreating the modified access-list (which might result in blackholing yourself if you delete the
> access-list without removing it from the interfaces ;) as a non-existing access-list on an interface equals deny any any)

In recent IOS versions they can be edited in the same manner as named ACLs.
Use the number instead of the name and specify the right ACL type (standard/extended).

ip access-list standard 3
[....]


> The 2nd kind of access-list are the ip access-lists, these have sequence numbers and thus provide a way to insert/remove single entries from these lists.
> The sequence numbers are reset after a router reload or can be resequenced by hand (ip access-list resequence list_name 10 10)
> So in order to insert an entry in a ip access-list you need to know the available sequence numbers. If you issue a show ip access-list you'll get an
> overview of the access-lists (and sequence numbers)


-- 
Dmitry Valdov
CCIE #15379 (R&S and SP)
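As an added example (not from either poster), here is a constructed IOS session that puts both halves of the thread together: the numbered extended ACL 100 from the quoted text is opened with the named-ACL syntax, a rule is inserted at a free sequence number in front of the final deny, and the list is resequenced, all without removing it from the interface. The hostname, the 10.0.0.5 host and the port are constructed values.

```cisco
! Check the existing sequence numbers first to find a free slot
Router# show ip access-list 100
Extended IP access list 100
    10 permit ip 192.168.0.0 0.0.0.255 any
    20 deny ip any any

! Open the numbered ACL with the named-ACL syntax; the type must match (extended)
Router# configure terminal
Router(config)# ip access-list extended 100
! Insert the new rule at sequence 15, i.e. between the permit and the final deny
Router(config-ext-nacl)# 15 permit tcp host 10.0.0.5 any eq 22
Router(config-ext-nacl)# exit
! Re-space the sequence numbers (start 10, step 10) so later inserts have room
Router(config)# ip access-list resequence 100 10 10
Router(config)# end

! The new rule sits ahead of the deny and the numbering is 10/20/30 again
Router# show ip access-list 100
Extended IP access list 100
    10 permit ip 192.168.0.0 0.0.0.255 any
    20 permit tcp host 10.0.0.5 any eq 22
    30 deny ip any any
```

A single entry is removed the same way, with `no <sequence>` inside the `ip access-list extended 100` block, so the ACL stays applied to the interface throughout.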

