Saturday, March 12, 2011

Access List Sequence Number

The session below shows a sample configuration for modifying an access list using sequence numbers. Entries are evaluated in ascending sequence order, so inserting an entry at 5 places it ahead of the existing entry at 10 without rewriting the whole list, and "no <sequence>" removes just that one entry:

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 deny ip 10.10.10.0 0.0.0.255 any
Router(config)#do sh access-list 101
Extended IP access list 101
    10 deny ip 10.10.10.0 0.0.0.255 any
Router(config)#
Router(config)#ip access-list extended 101
Router(config-ext-nacl)#?
Ext Access List configuration commands:
  <1-2147483647>  Sequence Number
  default         Set a command to its defaults
  deny            Specify packets to reject
  dynamic         Specify a DYNAMIC list of PERMITs or DENYs
  evaluate        Evaluate an access list
  exit            Exit from access-list configuration mode
  no              Negate a command or set its defaults
  permit          Specify packets to forward
  remark          Access list entry comment

Router(config-ext-nacl)#5 permit ip host 10.10.10.10 host 11.11.11.11
Router(config-ext-nacl)#do sh access-list
Extended IP access list 101
    5 permit ip host 10.10.10.10 host 11.11.11.11
    10 deny ip 10.10.10.0 0.0.0.255 any
Router(config-ext-nacl)#
Router(config-ext-nacl)#no 5
Router(config-ext-nacl)#do sh access-list
Extended IP access list 101
    10 deny ip 10.10.10.0 0.0.0.255 any
Router(config-ext-nacl)#no 10
Router(config-ext-nacl)#do sh access-list

Router(config-ext-nacl)#
Router(config-ext-nacl)#do sh run | in access-list
Router(config-ext-nacl)#
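To make the mechanics concrete, here is an added Python model of what the transcript does (written for this page, not the post's own code and not IOS): entries keyed by sequence number, evaluated lowest-first with the implicit deny at the end, so it shows why inserting the host permit at 5 changes the verdict for 10.10.10.10 and why "no 5" reverts it. It assumes the IOS behaviour of appending an entry without a sequence number at the last sequence + 10, and handles only the "ip" protocol with any/host/wildcard addresses.

```python
import ipaddress
from collections import namedtuple
Ace = namedtuple("Ace", "seq action src dst")   # one entry of an IOS extended ACL

def _parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    # address plus wildcard mask; ipaddress accepts a hostmask after the slash
    return ipaddress.IPv4Network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_ace(seq, text):
    """Parse e.g. 'permit ip host 10.10.10.10 host 11.11.11.11' into an Ace."""
    action, _proto, *rest = text.split()
    src, rest = _parse_addr(rest)
    dst, _ = _parse_addr(rest)
    return Ace(seq, action, src, dst)

class ExtendedAcl:
    def __init__(self):
        self.entries = {}       # sequence number -> Ace
    def add(self, text, seq=None):
        """Add an entry; with no sequence given, IOS appends at last sequence + 10 (assumed)."""
        seq = max(self.entries, default=0) + 10 if seq is None else seq
        self.entries[seq] = parse_ace(seq, text)
    def remove(self, seq):      # 'no <seq>' deletes exactly one entry
        del self.entries[seq]
    def ordered(self):          # the order the router evaluates: lowest sequence first
        return sorted(self.entries.values(), key=lambda a: a.seq)
    def show(self):             # CIDR rendering of the entries, not IOS wildcard syntax
        return [f"{a.seq} {a.action} ip {a.src} {a.dst}" for a in self.ordered()]
    def lookup(self, src_ip, dst_ip):
        """First matching entry wins; every ACL ends with an implicit deny."""
        s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
        for a in self.ordered():
            if s in a.src and d in a.dst:
                return a.action, a.seq
        return "deny", None

def replay_transcript():    # the edits from the transcript above, step by step
    acl = ExtendedAcl()
    acl.add("deny ip 10.10.10.0 0.0.0.255 any")                 # becomes sequence 10
    acl.add("permit ip host 10.10.10.10 host 11.11.11.11", seq=5)
    with_permit = acl.lookup("10.10.10.10", "11.11.11.11")      # ('permit', 5)
    acl.remove(5)                                               # no 5
    without_permit = acl.lookup("10.10.10.10", "11.11.11.11")   # ('deny', 10)
    acl.remove(10)                                              # no 10
    return with_permit, without_permit, acl.show()
```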

2 comments:

  1. Well, this post is really useful. I never thought about creating a numbered ACL and then modifying it with its named ACL; I just use numbered ACLs almost all the time for their quickness.

  2. Hi anhtt, yes, this trick is quite useful indeed. :-)
