access list being overwritten, is it true?
lon21
Hi,
Is it true that when you add an access-list to a non-IP access-list, all other access-lists are overwritten with the one you most recently entered?
I believe this is not the case for named access-lists.
I have tried both on Packet Tracer and none are overwritten?
Comments
tomaifauchai
Nothing is being overwritten. The only drawback of non-named access-lists is that you can't resequence them and squeeze a new statement between 2 others.
dtlokee
I'm not sure of what you're asking, but there are cases where you need to be careful when editing access-lists.
1. In older versions of code there was no way to edit a numbered ACL, so executing a command like "no access-list 101 permit tcp host 1.2.3.4 any eq 22" would not remove the individual matching line but would blow away the whole access-list 101.
2. If you apply an empty ACL to an interface it results in a deny-all because of the implicit deny any any at the end.
Also, you can edit a numbered ACL starting in a 12.2 code release the same way you edit named ACLs (IOS treats numbered ACLs just like named ones).
so:
R1(config)#ip access-list resequence ?
<1-99> Standard IP access-list number
<100-199> Extended IP access-list number
<1300-1999> Standard IP access-list number (expanded range)
<2000-2699> Extended IP access list number (expanded range)
WORD Access-list name
R1(config)#ip access-list resequence 101 ?
<1-2147483647> Starting Sequence Number
R1(config)#ip access-list resequence 101 10 ?
<1-2147483647> Step to increment the sequence number
R1(config)#ip access-list resequence 101 10 10
The first "10" tells the router what the starting sequence number should be and the second "10" indicates the increment between line numbers.
A few examples:
R1(config)#access-list 101 permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
R1(config)#access-list 101 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
R1(config)#access-list 101 permit tcp host 12.12.12.12 host 3.3.3.3 eq 443
R1(config)#
R1(config)#do sho access-list 101
Extended IP access list 101
10 permit tcp host 1.1.1.1 host 2.2.2.2 eq www
20 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
30 permit tcp host 12.12.12.12 host 3.3.3.3 eq 443
R1(config)#ip access-list resequence 101 10 5
R1(config)#do sho access-list 101
Extended IP access list 101
10 permit tcp host 1.1.1.1 host 2.2.2.2 eq www
15 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
20 permit tcp host 12.12.12.12 host 3.3.3.3 eq 443
R1(config)#ip access-list resequence 101 100 20
R1(config)#do sho access-list 101
Extended IP access list 101
100 permit tcp host 1.1.1.1 host 2.2.2.2 eq www
120 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
140 permit tcp host 12.12.12.12 host 3.3.3.3 eq 443
R1(config)#ip access-list extended 101
R1(config-ext-nacl)#no 140
R1(config-ext-nacl)#do sho access-list 101
Extended IP access list 101
100 permit tcp host 1.1.1.1 host 2.2.2.2 eq www
120 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
R1(config-ext-nacl)#
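The numbering, resequencing, single-line removal and implicit-deny behaviour shown in the session above, modelled in Python as an added example (this is not from the thread or from Cisco). To stay short it assumes every entry uses the "host x.x.x.x" form for source and destination and at most a destination port, as the session does.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Ace:
    """One access-control entry; the field set mirrors the entries typed above."""
    seq: int
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "ip"
    src: str               # single host address (assumed "host" form only)
    dst: str
    dport: Optional[int] = None   # None means any destination port


@dataclass
class Acl:
    entries: List[Ace] = field(default_factory=list)

    def add(self, action, proto, src, dst, dport=None):
        """Appending without a sequence number: IOS assigns last + 10 (10, 20, 30, ...)."""
        seq = self.entries[-1].seq + 10 if self.entries else 10
        self.entries.append(Ace(seq, action, proto, src, dst, dport))

    def resequence(self, start, step):
        """ip access-list resequence <acl> <start> <step>: renumber in order, content unchanged."""
        for i, ace in enumerate(self.entries):
            ace.seq = start + i * step

    def remove(self, seq):
        """'no <seq>' in the ACL sub-mode deletes only that line, not the whole list."""
        self.entries = [a for a in self.entries if a.seq != seq]

    def sequences(self):
        return [a.seq for a in self.entries]

    def evaluate(self, proto, src, dst, dport):
        """First matching entry wins; no match (including an empty ACL) hits the implicit deny."""
        for ace in sorted(self.entries, key=lambda a: a.seq):
            if ace.proto not in ("ip", proto):
                continue
            if ace.src != src or ace.dst != dst:
                continue
            if ace.dport is not None and ace.dport != dport:
                continue
            return ace.action
        return "deny"   # implicit "deny ip any any"
```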
lon21
Thank you very much, perfect.