access list being overwritten, is it true?

lon21 Member Posts: 201
Hi,

Is it true that when you add an access-list to a non ip access-list, all other access lists are overwritten with the one you have most recently entered?

I believe this is not the case for named access-list.

I have tried both on Packet Tracer and none are overwritten?

Comments

  • tomaifauchai Member Posts: 301
    Nothing is being overwritten. The only drawback of non-named access-lists is that you can't resequence them and squeeze a new statement in between two others.
  • dtlokee Member Posts: 2,378
    I'm not sure what you're asking, but there are cases where you need to be careful when editing access-lists.

    1. In older versions of code there was no way to edit a numbered ACL, so executing a command like "no access-list 101 permit tcp host 1.2.3.4 any eq 22" would not remove the individual matching line but would blow away the whole access-list 101.
    2. If you apply an empty ACL to an interface it results in a deny-all because of the implicit deny any any at the end.

    Also, starting in a 12.2 code release you can edit a numbered ACL the same way you edit named ACLs (IOS treats numbered ACLs just like named ones).

    so:

    R1(config)#ip access-list resequence ?
    <1-99> Standard IP access-list number
    <100-199> Extended IP access-list number
    <1300-1999> Standard IP access-list number (expanded range)
    <2000-2699> Extended IP access list number (expanded range)
    WORD Access-list name
    R1(config)#ip access-list resequence 101 ?
    <1-2147483647> Starting Sequence Number
    R1(config)#ip access-list resequence 101 10 ?
    <1-2147483647> Step to increment the sequence number
    R1(config)#ip access-list resequence 101 10 10


    The first "10" tells the router what the starting sequence number should be, and the second "10" indicates the increment between line numbers.

    A few examples:

    R1(config)#access-list 101 permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
    R1(config)#access-list 101 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
    R1(config)#access-list 101 permit tcp host 12.12.12.12 host 3.3.3.3 eq 443
    R1(config)#
    R1(config)#do sho access-list 101
    Extended IP access list 101
    10 permit tcp host 1.1.1.1 host 2.2.2.2 eq www
    20 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
    30 permit tcp host 12.12.12.12 host 3.3.3.3 eq 443
    R1(config)#ip access-list resequence 101 10 5
    R1(config)#do sho access-list 101
    Extended IP access list 101
    10 permit tcp host 1.1.1.1 host 2.2.2.2 eq www
    15 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
    20 permit tcp host 12.12.12.12 host 3.3.3.3 eq 443
    R1(config)#ip access-list resequence 101 100 20
    R1(config)#do sho access-list 101
    Extended IP access list 101
    100 permit tcp host 1.1.1.1 host 2.2.2.2 eq www
    120 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
    140 permit tcp host 12.12.12.12 host 3.3.3.3 eq 443
    R1(config)#ip access-list extended 101
    R1(config-ext-nacl)#no 140
    R1(config-ext-nacl)#do sho access-list 101
    Extended IP access list 101
    100 permit tcp host 1.1.1.1 host 2.2.2.2 eq www
    120 permit udp host 4.4.4.4 host 8.8.8.8 eq 22
    R1(config-ext-nacl)#
    The only easy day was yesterday!
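An added example, not from this thread or from IOS itself: a small Python model of a numbered extended ACL that reproduces the behaviour walked through above (sequence numbers, resequence with a start and a step, removing a single line by its sequence number, and first-match evaluation that falls through to the implicit deny, so an empty list denies everything). The rule that an appended entry gets the last sequence number plus 10 is an assumption of this model.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed model of a Cisco IOS numbered extended ACL (hypothetical code, not IOS):
# entries carry sequence numbers, matching is first-match, and an empty or
# non-matching list falls through to the implicit "deny ip any any".

@dataclass
class Ace:
    seq: int
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "ip" ("ip" matches any protocol)
    src: str
    dst: str
    dport: Optional[int]   # None means any destination port

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        return ((self.proto == "ip" or self.proto == proto)
                and self.src == src and self.dst == dst
                and (self.dport is None or self.dport == dport))

@dataclass
class NumberedAcl:
    number: int
    entries: list = field(default_factory=list)

    def add(self, action: str, proto: str, src: str, dst: str, dport: Optional[int] = None) -> int:
        # Appending assigns the last sequence number plus 10 (assumed behaviour),
        # so nothing needs renumbering just to add a line at the end.
        seq = self.entries[-1].seq + 10 if self.entries else 10
        self.entries.append(Ace(seq, action, proto, src, dst, dport))
        return seq

    def resequence(self, start: int, step: int) -> list:
        # "ip access-list resequence <number> <start> <step>": renumber in order.
        for i, ace in enumerate(self.entries):
            ace.seq = start + i * step
        return self.sequences()

    def remove(self, seq: int) -> None:
        # "no <seq>" inside "ip access-list extended <number>": drop that one entry only.
        before = len(self.entries)
        self.entries = [a for a in self.entries if a.seq != seq]
        if len(self.entries) == before:
            raise KeyError(f"no entry with sequence {seq} in access-list {self.number}")

    def sequences(self) -> list:
        return [a.seq for a in self.entries]

    def evaluate(self, proto: str, src: str, dst: str, dport: Optional[int] = None) -> str:
        # First matching entry wins; no match (including an empty ACL) is the implicit deny.
        for ace in self.entries:
            if ace.matches(proto, src, dst, dport):
                return ace.action
        return "deny"
```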
  • lon21 Member Posts: 201
    Thank you very much, perfect.