Help with ACL please

HI guys,

I have a small issue creating a standard named ACL on layer 3 switch, to apply it secure Telnet sesions.

On the Conf t mode ,
I created the ACL giving it the name of TELNET_ACCESS_CONTROL
and then putting the lines as I need according to a specific order .

The issue that I had , was , after I finished creating the ACL , and use the show commands to view the ACL by either show running config or shoe ACL , I get the lines of that ACL not in order at all , like
20 permit ........
40 permit .........
10 permit.......
100 permit .......

I need to know why that was happening and how to fix it please as line order is important as you know .

Many thanks

Hani

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

blackninja

Try:

ip access-list resequence TELNET_ACCESS_CONTROL 10 10

han.net

Dear friend ,

That was very kind and it worked .

Many thanks

han.net

One last thing please , when I add a remark as a line , I donr see it when show access-list
Any advice

Regards

blackninja

han.net wrote: »

One last thing please , when I add a remark as a line , I donr see it when show access-list
Any advice

Regards

I'm almost sure that remark is just for numbered ACLs and not for named?

Can't test as I'm at work.

han.net

I understand , but take a look at this

(config)#ip access-list standard hani
(config-std-nacl)#re
(config-std-nacl)#r?
remark

That was on Global mode

blackninja

Yes, I see.

Some of the guys here will know for certain.

Otherwise I'll test when I get home in 2 1/2 hours.

han.net

thats great!! , and also is there any platform to try some network config better than Packet tracer ??

Regards

blackninja

Packet tracer is pretty good for CCNA level configs.

Look into GNS3 can create a simple lab to a full blown CCIE lab.

GNS3 only works for routers, not switches. You can however create using a 3660 and an 16 port network module.

Gns3 is great once you get past the learning phase.

Check out: http://www.techexams.net/forums/ccna-ccent/51378-network-lab-using-gns3-vmware-workbook.html

han.net

I passed my CCNA exam few months a go and currently workin in a jounior position.

We deal mostly with layer 3 switches

Thank s

blackninja

han.net wrote: »

I understand , but take a look at this

(config)#ip access-list standard hani
(config-std-nacl)#re
(config-std-nacl)#r?
remark

That was on Global mode

You're right remarks don't show up in Show ip access-lists.

They do show up in sh run