How to edit access list lines?


Most CCNA books say that you can't modify an existing ACL or insert lines into one. Well, that shows you shouldn't believe everything you read :)

If the IOS image running on the router supports ACL line numbers, you can follow the procedure below.

First, run show access-list at the exec prompt and note the line numbering in the access list you want to change, e.g.:

    Extended IP access list 115
        10 deny ip host 222.222.222.222 any
        20 permit ip any any

Then enter config mode and insert the line you want to add, prefixing it with the appropriate number to position it where you want in the list (substitute standard for extended in the example below if you are working with a standard ACL):

    conf ter
    ip access-list extended 115
    15 deny ip host 111.111.111.111 any
    end

If you want to remove a line from the access list, do the following:

    conf ter
    ip access-list extended 115
    no 15
    end

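And if you want to edit a line of the access list, remove it and re-enter it under the same number, choosing deny or permit and substituting the real address for the 333.333.333.333 placeholder:

    conf ter
    ip access-list extended 115
    no 15
    15 deny/permit ip host 333.333.333.333 any
    end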
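An added example, not from the original post: ACLs are evaluated top-down and the first matching entry wins, so an edit done as `no 15` followed by a new `15` leaves the list without that entry for a moment. The sequence below assumes ACL 115 already holds entries 10, 15 and 20 from the steps above, puts the replacement in first, and then renumbers the list; entry 14 and the 111.111.111.0/24 subnet are constructed for illustration.

```cisco
! Constructed starting state (ACL 115 after the insert shown earlier):
!   10 deny ip host 222.222.222.222 any
!   15 deny ip host 111.111.111.111 any
!   20 permit ip any any
!
! Goal: widen entry 15 from one host to its /24 without a moment
! where neither the old nor the new deny is in the list.
conf ter
ip access-list extended 115
 ! Insert the replacement ahead of the old entry. A line typed with no
 ! sequence number would be appended after "20 permit ip any any" and
 ! would never match.
 14 deny ip 111.111.111.0 0.0.0.255 any
 ! Entry 15 is now shadowed by entry 14, so removing it changes nothing
 ! in what the ACL blocks.
 no 15
 exit
! Renumber the list from 10 in steps of 10 (10, 20, 30) so there is room
! for later inserts between every pair of entries.
ip access-list resequence 115 10 10
end
! Confirm the order and the new numbering before relying on it.
show access-lists 115
```

Sequence numbers are not written to the saved configuration, so after a reload the entries keep their order but are renumbered from the default start and increment; always re-check with show access-lists before inserting by number.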

Below is a full example with a named extended ACL:

    router#show access-list
    Extended IP access list to-internet
        10 deny udp any any eq netbios-dgm (17226 matches)
        20 deny udp any any eq netbios-ns (6648 matches)
        30 permit ip any any (152039 matches)
    router#conf ter
    router(config)#ip access-list ext to-internet
    router(config-ext-nacl)#25 permit ip any host 1.1.1.1
    router(config-ext-nacl)#exit
    router(config)#exit
    router#
    router#show access-list
    Extended IP access list to-internet
        10 deny udp any any eq netbios-dgm (17226 matches)
        20 deny udp any any eq netbios-ns (6648 matches)
        25 permit ip any host 1.1.1.1
        30 permit ip any any (152039 matches)
