ACL Editing
Supermiguel
Member Posts: 122
in CCNA & CCENT
If I have a few ACLs, for example:
permit tcp any any eq 3389 log-input
permit tcp any host 72.187.66.22 eq 2212 log-input <<<<<<<<<
permit udp any any eq ntp
permit udp any eq bootps any eq bootpc
deny icmp any any log-input
deny ip any any log-input
permit tcp any host 72.187.66.22 eq 10000 log-input
deny ip host 203.95.109.29 any log-input
deny ip host 24.64.12.222 any log-input
and I want to put a permit just after the "<<<<": do I have to put all of them in again, or is there any trick?
Comments
mikej412 Member Posts: 10,086
Trick.
You can edit a standard or extended access list like a named access list -- just pay attention to the differences.
If you're just trying this in a lab as you study for the CCNA, then go ahead and try it. If this is on a real production router you've got to ask yourself if you are feeling lucky.
If you don't understand what Cisco is talking about in this Edit ACLs link then you may want to stick with the original CCNA Standard/Extended copy and paste and edit and delete and paste method.
Cisco Certifications -- Collect the Entire Set!
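The sequence-number editing mikej412 calls the trick, modelled in Python as an added example for this thread (not code from the posts, and not Cisco's). Entries added without a number get the next multiple of 10, an entry can be inserted at a number between two neighbours, `resequence` renumbers the list, and lookups are first match with the implicit deny at the end. The list loaded is the one from the first post; the `eq 443` entry, the sample packets and the `unreachable()` check are my additions and appear nowhere in the thread. Loading the posted list as-is also shows why its last three entries, sitting after `deny ip any any`, never see a packet: first match stops at sequence 60.

```python
"""IOS-style access-list editing by sequence number. Added example for this thread,
not code from the posts or from Cisco; assumes auto-numbering in steps of 10,
'resequence' renumbering, first-match evaluation and the implicit deny."""
import ipaddress
from typing import NamedTuple, Optional

PORT_NAMES = {"ntp": 123, "bootps": 67, "bootpc": 68}  # keywords used in the thread
ANY = (0, 0)  # (network, mask) pair; a zero mask matches every address

def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

class Ace(NamedTuple):
    action: str
    proto: str
    src: tuple            # (network, mask) after inverting the IOS wildcard
    sport: Optional[int]
    dst: tuple
    dport: Optional[int]
    text: str             # as typed, for 'show access-lists'

    def matches(self, proto: str, src: str, dst: str, sport: int = 0, dport: int = 0) -> bool:
        return (self.proto in ("ip", proto)
                and (_ip(src) & self.src[1]) == self.src[0]
                and (_ip(dst) & self.dst[1]) == self.dst[0]
                and self.sport in (None, sport) and self.dport in (None, dport))

def parse_ace(text: str) -> Ace:
    """Parse '<permit|deny> <proto> <src> [eq P] <dst> [eq P] [log|log-input]'."""
    action, proto, *rest = text.split()

    def address() -> tuple:
        tok = rest.pop(0)
        if tok == "any":
            return ANY
        if tok == "host":
            return _ip(rest.pop(0)), 0xFFFFFFFF
        mask = 0xFFFFFFFF ^ _ip(rest.pop(0))  # wildcard: set bits are "don't care"
        return _ip(tok) & mask, mask

    def port() -> Optional[int]:
        if rest and rest[0] == "eq":
            _, name = rest.pop(0), rest.pop(0)
            return PORT_NAMES.get(name) or int(name)
        return None

    src, sport, dst, dport = address(), port(), address(), port()  # evaluated left to right
    return Ace(action, proto, src, sport, dst, dport, text)

class AccessList:
    def __init__(self) -> None:
        self.entries = {}  # sequence number -> Ace
    def add(self, text: str, seq: Optional[int] = None) -> int:
        """Append (next multiple of 10) or insert at an explicit sequence number."""
        if seq is None:
            seq = max(self.entries, default=0) + 10
        if seq in self.entries:
            raise ValueError(f"Duplicate sequence number {seq}")  # IOS rejects this too
        self.entries[seq] = parse_ace(text)
        return seq
    def resequence(self, start: int = 10, step: int = 10) -> None:
        """Like 'ip access-list resequence NAME start step': same order, new numbers."""
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + n * step: a for n, a in enumerate(ordered)}
    def show(self) -> list:
        return [f"{s} {self.entries[s].text}" for s in sorted(self.entries)]
    def evaluate(self, proto: str, src: str, dst: str, sport: int = 0, dport: int = 0):
        """First match wins; no match falls through to the implicit deny."""
        for s in sorted(self.entries):
            if self.entries[s].matches(proto, src, dst, sport, dport):
                return s, self.entries[s].action
        return None, "deny"
    def unreachable(self) -> list:
        """Sequence numbers after a blanket 'permit/deny ip any any': never evaluated."""
        seqs = sorted(self.entries)
        blanket = [s for s in seqs if self.entries[s].proto == "ip"
                   and self.entries[s].src == self.entries[s].dst == ANY
                   and self.entries[s].sport is None and self.entries[s].dport is None]
        return [s for s in seqs if blanket and s > blanket[0]]

THREAD_ACL = """permit tcp any any eq 3389 log-input
permit tcp any host 72.187.66.22 eq 2212 log-input
permit udp any any eq ntp
permit udp any eq bootps any eq bootpc
deny icmp any any log-input
deny ip any any log-input
permit tcp any host 72.187.66.22 eq 10000 log-input
deny ip host 203.95.109.29 any log-input
deny ip host 24.64.12.222 any log-input""".splitlines()  # the first post's list, in posted order

def build_thread_acl(insert_after_2212: Optional[str] = None) -> AccessList:
    """Load the first post's list (numbered 10..90). The trick: an optional extra
    entry goes in at 25, between the 'eq 2212' entry (20) and the ntp entry (30)."""
    acl = AccessList()
    for line in THREAD_ACL:
        acl.add(line)
    if insert_after_2212:
        acl.add(insert_after_2212, seq=25)
    return acl
```

Insert at 25, then call `resequence(10, 10)` to get the tidy 10/20/30 numbering back; on the router the equivalent is `ip access-list resequence <name> 10 10`. Re-run `unreachable()` after every edit: one misplaced `deny ip any any` silently turns every entry behind it into dead config, which is exactly the "are you feeling lucky" risk on a production box. The model covers extended lists only; the standard numbered-list ordering that comes up later in the thread is a separate question the code does not try to answer.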
kpjungle Member Posts: 426
mikej412 wrote:
Trick.
You can edit a standard or extended access list like a named access list -- just pay attention to the differences.
If you're just trying this in a lab as you study for the CCNA, then go ahead and try it. If this is on a real production router you've got to ask yourself if you are feeling lucky.
If you don't understand what Cisco is talking about in this Edit ACLs link then you may want to stick with the original CCNA Standard/Extended copy and paste and edit and delete and paste method.
This line is very puzzling:
"The major difference in a standard access list is that the Cisco IOS adds an entry by descending order of the IP address, not on a sequence number."
It's pretty clear that with extended numbered ACLs the sequence number is the determining factor, but how does it work with standard numbered ACLs? For example, I tried to make sense of it all by doing a test; why does this happen:
Standard IP access list 2
2 permit 10.10.10.1
4 permit 192.168.1.1
250 permit 171.40.1.16
251 deny 171.40.1.16
150 permit 172.40.1.16
15 permit 172.16.1.16
30 permit 172.16.1.11
20 permit 172.16.1.10
25 permit 172.16.1.7
10 permit 172.16.1.2
If it was to be processed in descending order, should I get 192.168.1.1 first, then 172.40.1.16, then 172.16.1.x and then 172.x.x.x and last, but not least, 10.10.10.1?
Studying for CCNP (All done)