[c-nsp] How to add new rule in the same access-list
Steve Bertrand
steve at ibctech.ca
Thu Feb 5 09:02:02 EST 2009
Deric Kwok wrote:
> Hi Tony
>
> You are right. I think my IOS (version 12.0) can't support the numbering
>
> switch#sh access-list 140
> Extended IP access list 140
> deny udp any host 192.168.1.118 eq ntp log (643 matches)
> permit udp host 192.186.1.114 host 192.168.1.118 eq snmp log (5950 matches)
> deny udp any host 192.168.1.118 eq snmp log
> permit ip any any (732 matches)
> deny tcp any host 192.168.1.118 eq 123 log
>
> For the future, how can I do it properly?
> Could you give me an example?

# sh access-lists
Extended IP access list 110
    permit ip 142.x.x.0 0.0.0.255 208.70.104.0 0.0.7.255
    permit ip 208.70.111.68 0.0.0.3 any
    deny ip any any

# sh run
interface FastEthernet0/1.760
 ip access-group 110 in

...now to change, do a show run, copy the entire ACL 110 list and put it
into a text editor, add/remove the needed lines, then:

# conf t
# int fa0/1.760
# no ip access-group 110 in

...go back to global config context, and paste back in the updated
access list, and re-apply the list as an access-group back on the interface.

Steve
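
Added example, not part of Steve's message or of any Cisco tooling: a Python helper that turns the `sh access-list 140` output quoted above into a paste-ready block for the edit-and-re-apply procedure. It strips the hit counters, moves entries that sit after `permit ip any any` (where they can never match) ahead of it, and emits `no access-list` before the new lines, because re-entering numbered ACL lines appends to the existing list. The function names and the interface name are assumptions; the thread does not say where list 140 is applied.

```python
import re

# Constructed input: the `sh access-list 140` output quoted in the thread,
# with the wrapped "(5950 matches)" counter rejoined onto its line.
SHOW_OUTPUT = """\
Extended IP access list 140
    deny udp any host 192.168.1.118 eq ntp log (643 matches)
    permit udp host 192.186.1.114 host 192.168.1.118 eq snmp log (5950 matches)
    deny udp any host 192.168.1.118 eq snmp log
    permit ip any any (732 matches)
    deny tcp any host 192.168.1.118 eq 123 log
"""

CATCH_ALL = re.compile(r"^(permit|deny) ip any any\b")
COUNTER = re.compile(r"\s*\(\d+ match(es)?\)$")


def parse_acl(show_output):
    """Return (acl_number, entries) with the per-entry hit counters stripped."""
    lines = [ln.strip() for ln in show_output.splitlines() if ln.strip()]
    number = re.match(r"Extended IP access list (\d+)$", lines[0]).group(1)
    return number, [COUNTER.sub("", ln) for ln in lines[1:]]


def split_at_catch_all(entries):
    """Split into (reachable, shadowed); entries after 'ip any any' never match."""
    for i, entry in enumerate(entries):
        if CATCH_ALL.match(entry):
            return entries[: i + 1], entries[i + 1:]
    return entries, []


def rebuild(number, entries, new_entries, interface, direction="in"):
    """Emit config (typed from global config mode) with new_entries placed ahead
    of the catch-all. Shadowed entries are dropped unless passed in new_entries."""
    reachable, _ = split_at_catch_all(entries)
    has_catch_all = bool(reachable) and CATCH_ALL.match(reachable[-1])
    cut = len(reachable) - 1 if has_catch_all else len(reachable)
    ordered = reachable[:cut] + list(new_entries) + reachable[cut:]
    cfg = [f"interface {interface}", f" no ip access-group {number} {direction}",
           "exit", f"no access-list {number}"]
    cfg += [f"access-list {number} {entry}" for entry in ordered]
    cfg += [f"interface {interface}", f" ip access-group {number} {direction}", "end"]
    return "\n".join(cfg)


if __name__ == "__main__":
    num, acl = parse_acl(SHOW_OUTPUT)
    _, dead = split_at_catch_all(acl)
    # Interface name is an assumption; the thread does not say where 140 is applied.
    print(rebuild(num, acl, dead, "FastEthernet0/1.760"))
```
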