Wednesday, 25 March 2020

Add, Remove & Resequence entries in an ACL

Today in this post we will see how to add, remove and resequence entries in a Cisco IOS named ACL.

So we have an existing ACL named techstuff.

Let's check this ACL.


R1#sh ip access-lists techstuff
Extended IP access list techstuff
    10 permit ip 10.0.0.0 0.0.0.255 any
    20 permit ip 20.0.0.0 0.0.0.255 any
    30 permit ip 30.0.0.0 0.0.0.255 any
    40 permit ip 40.0.0.0 0.0.0.255 any
    50 permit ip 50.0.0.0 0.0.0.255 any


Now we need to deny host 20.1.1.1 in this ACL.

An ACL is evaluated top to bottom and the first matching entry wins, so the deny has to be added before the entry with sequence number 20. Named ACLs let us pick the sequence number ourselves (15 here) instead of appending at the end.


R1(config)#ip access-list extended techstuff
R1(config-ext-nacl)#15 deny ip host 20.1.1.1 any
R1(config-ext-nacl)#do sh ip access-list techstuff
Extended IP access list techstuff
    10 permit ip 10.0.0.0 0.0.0.255 any
    15 deny ip host 20.1.1.1 any <--------------- New entry
    20 permit ip 20.0.0.0 0.0.0.255 any
    30 permit ip 30.0.0.0 0.0.0.255 any
    40 permit ip 40.0.0.0 0.0.0.255 any
    50 permit ip 50.0.0.0 0.0.0.255 any


Now let's see how to remove an entry. In ACL configuration mode, "no" followed by the sequence number deletes just that one entry, without touching the rest of the list.


R1(config)#ip access-list extended techstuff
R1(config-ext-nacl)#no 40
R1(config-ext-nacl)#do sh ip access-list techstuff
Extended IP access list techstuff
    10 permit ip 10.0.0.0 0.0.0.255 any
    15 deny ip host 20.1.1.1 any
    20 permit ip 20.0.0.0 0.0.0.255 any
    30 permit ip 30.0.0.0 0.0.0.255 any
    50 permit ip 50.0.0.0 0.0.0.255 any


Here we can see that the starting sequence number is still 10, but after the insert and the delete the intervals between the entries are no longer even.

Let's resequence the list so that the interval is 10 again. The resequence command takes the ACL name, the starting sequence number and the step; the relative order of the entries is kept, only the numbers change.


R1(config)#ip access-list ?
  extended    Extended Access List
  log-update  Control access list log updates
  logging     Control access list logging
  resequence  Resequence Access List
  standard    Standard Access List


R1(config)#ip access-list reseque
R1(config)#ip access-list resequence ?
  <1-99>       Standard IP access-list number
  <100-199>    Extended IP access-list number
  <1300-1999>  Standard IP access-list number (expanded range)
  <2000-2699>  Extended IP access list number (expanded range)
  WORD         Access-list name

R1(config)#ip access-list resequence techstuff ?
  <1-2147483647>  Starting Sequence Number

R1(config)#ip access-list resequence techstuff 10 ?
  <1-2147483647>  Step to increment the sequence number

R1(config)#ip access-list resequence techstuff 10 10
R1(config)#^Z



R1#sh ip access-list techstuff
Extended IP access list techstuff
    10 permit ip 10.0.0.0 0.0.0.255 any
    20 deny ip host 20.1.1.1 any
    30 permit ip 20.0.0.0 0.0.0.255 any
    40 permit ip 30.0.0.0 0.0.0.255 any
    50 permit ip 50.0.0.0 0.0.0.255 any
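To make the three operations above concrete, here is an added example (my own code, not anything from Cisco IOS or from this post) that models a named extended ACL in Python: it converts the wildcard masks used in the post into networks, inserts an entry at a chosen sequence number, deletes one with the equivalent of "no <seq>", resequences with a start and step, and evaluates a packet top-down with first match wins and an implicit deny at the end. The NamedAcl class and the host 20.0.0.7 are constructed for the example; the walkthrough also checks which addresses the posted entries actually cover, and shows why a deny placed after sequence 20 would never be reached.

```python
import ipaddress

def wildcard_to_network(addr, wildcard):
    # IOS wildcard mask: 0 bits must match, 1 bits are "don't care"; 0.0.0.255 -> /24
    wc = int(ipaddress.ip_address(wildcard))
    if (wc + 1) & wc:
        raise ValueError("non-contiguous wildcard mask not handled")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)

class NamedAcl:
    def __init__(self):
        self.entries = {}  # seq -> (action, source network)

    def add(self, seq, action, addr, wildcard="0.0.0.0"):
        # "host X" is X with wildcard 0.0.0.0; "any" is 0.0.0.0 255.255.255.255
        self.entries[seq] = (action, wildcard_to_network(addr, wildcard))

    def remove(self, seq):
        del self.entries[seq]  # equivalent of "no <seq>" in ACL config mode

    def resequence(self, start, step):
        # "ip access-list resequence <name> <start> <step>": order kept, renumbered
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + i * step: e for i, e in enumerate(ordered)}

    def evaluate(self, ip):
        # Top-down, first match wins; unmatched traffic hits the implicit deny
        addr = ipaddress.ip_address(ip)
        for seq in sorted(self.entries):
            action, net = self.entries[seq]
            if addr in net:
                return action, seq
        return "deny", None

def techstuff_walkthrough():
    acl = NamedAcl()
    for seq, net in [(10, "10.0.0.0"), (20, "20.0.0.0"), (30, "30.0.0.0"),
                     (40, "40.0.0.0"), (50, "50.0.0.0")]:
        acl.add(seq, "permit", net, "0.0.0.255")
    # 20.1.1.1 is outside 20.0.0.0/24 (implicit deny); constructed host 20.0.0.7 shows ordering
    outside = acl.evaluate("20.1.1.1")
    before = acl.evaluate("20.0.0.7")   # permitted by entry 20
    acl.add(25, "deny", "20.0.0.7")     # a deny placed after 20 is never reached
    misplaced = acl.evaluate("20.0.0.7")
    acl.remove(25)
    acl.add(15, "deny", "20.0.0.7")     # same placement as "15 deny ip host ... any"
    after = acl.evaluate("20.0.0.7")
    acl.remove(40)                      # no 40
    acl.resequence(10, 10)              # ip access-list resequence techstuff 10 10
    return outside, before, misplaced, after, sorted(acl.entries), acl.evaluate("20.0.0.7")
```

The "outside" result is worth noting: with the wildcard 0.0.0.255, entry 20 only covers 20.0.0.0/24, so verifying what each entry really matches is as important as getting the order right.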



Hope you guys find this blog informative and useful!!!

Thanks!!!!