[c-nsp] How to add new rule in the same access-list

Deric Kwok deric.kwok2000 at gmail.com
Thu Feb 5 08:41:33 EST 2009


Hi Tony

You are right. I think my IOS (version 12.0) can't support the numbering.

switch#sh access-list 140
Extended IP access list 140
    deny udp any host 192.168.1.118 eq ntp log (643 matches)
    permit udp host 192.186.1.114 host 192.168.1.118 eq snmp log (5950 matches)
    deny udp any host 192.168.1.118 eq snmp log
    permit ip any any (732 matches)
    deny tcp any host 192.168.1.118 eq 123 log

For the future, how can I do it properly?
Could you give me an example?

Thank you so much


On Thu, Feb 5, 2009 at 12:48 AM, Tony Varriale <tvarriale at comcast.net> wrote:

> conf t
> ip access-list ext 140
>
> But, based on your output, I'd guess your IOS doesn't support sequenceable
> ACLs.
>
> What code are you running?
>
> tv
> ----- Original Message -----
> From: "Deric Kwok" <deric.kwok2000 at gmail.com>
> To: <cisco-nsp at puck.nether.net>
> Sent: Wednesday, February 04, 2009 8:26 PM
> Subject: [c-nsp] How to add new rule in the same access-list
>
>
>  Hi
>>
>> I have an old rule in the switch but don't know how to add a new rule in
>> the same access-list
>>
>> When I add new deny rule, it will be put at the end of the access-list
>>
>> If I remove the access-list 140, I have to re-type all lines again.
>>
>> Please help.
>>
>> Thank you
>>
>>
>>
>> switch#sh access-list 140
>> Extended IP access list 140
>>   deny udp any host 192.168.1.118 eq ntp log (4 matches)
>>   permit udp host 192.168.1.114 host 192.168.1.118 eq snmp log
>>   deny udp any host 192.168.1.118 eq snmp log
>>   permit ip any any (49 matches)
>>
>> switch#config t
>> Enter configuration commands, one per line.  End with CNTL/Z.
>> switch(config)#access-list 140 deny tcp any host 192.168.1.118 eq 123 log
>>
>>
>>
>> switch#sh ip access-lists 140
>> Extended IP access list 140
>>   deny udp any host 192.168.1.118 eq ntp log (6 matches)
>>   permit udp host 192.168.1.114 host 192.168.1.118 eq snmp log (35 matches)
>>   deny udp any host 192.168.1.118 eq snmp log
>>   permit ip any any (174 matches)
>>   deny tcp any host 192.168.1.118 eq 123 log
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
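
Added example (not part of the original thread): a first-match check over ACL 140 as listed above, showing that the appended tcp/123 deny sits behind "permit ip any any" and can never match. The parser handles only the syntax subset seen in the thread; the function names and the source address 10.0.0.5 are constructed for illustration.

```python
import ipaddress

# ACL 140 as listed in the thread after the tcp/123 deny was appended.
ACL_140 = """\
deny udp any host 192.168.1.118 eq ntp log
permit udp host 192.168.1.114 host 192.168.1.118 eq snmp log
deny udp any host 192.168.1.118 eq snmp log
permit ip any any
deny tcp any host 192.168.1.118 eq 123 log
"""
PORTS = {"ntp": 123, "snmp": 161}  # only the port names this ACL uses

def parse_entry(line):
    """Parse the small subset of extended-ACL syntax seen in the thread."""
    tok = [t for t in line.split() if t != "log"]
    action, proto, rest = tok[0], tok[1], tok[2:]
    def addr():  # consumes 'any' or 'host A.B.C.D'; None means any
        if rest.pop(0) == "any":
            return None
        return ipaddress.ip_address(rest.pop(0))
    src, dst = addr(), addr()
    dport = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def covers(a, b):
    """True if everything matched by b is also matched by a."""
    return (a["proto"] in ("ip", b["proto"]) and a["src"] in (None, b["src"])
            and a["dst"] in (None, b["dst"]) and a["dport"] in (None, b["dport"]))

def shadowed(entries):
    """(index, earlier_index) for each entry fully covered by an earlier one."""
    hits = ((i, next((j for j in range(i) if covers(entries[j], e)), None))
            for i, e in enumerate(entries))
    return [(i, j) for i, j in hits if j is not None]

def first_match(entries, proto, src, dst, dport):
    """Index and action of the first entry matching a packet (first match wins)."""
    pkt = {"proto": proto, "src": ipaddress.ip_address(src),
           "dst": ipaddress.ip_address(dst), "dport": dport}
    for i, e in enumerate(entries):
        if covers(e, pkt):
            return i, e["action"]
    return None, "deny"  # implicit deny at the end of every ACL

entries = [parse_entry(line) for line in ACL_140.splitlines()]
# Constructed fix: the same five entries, tcp/123 deny moved above the catch-all.
reordered = entries[:3] + [entries[4], entries[3]]
```

On an IOS release without sequenceable ACLs, getting the reordered list onto the switch means re-entering the whole list in the desired order, which is the re-typing described in the original question.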

