Cisco ip access-list sequence numbers

steven_maher
steven_maher used Ask the Experts™
on
I'm trying to add a new line to an acl on a Cisco router running IOS 12.4, and would like to line to go between two existing lines.

However, the new line always goes to the end of the list! Any ideas what I'm doing wrong?

Here's the code:

Switch(config)#ip access-list standard test
Switch(config-std-nacl)#15 permit 2.2.2.2

Switch#sh access-lists test
Standard IP access list test
    10 permit 1.1.1.1
    20 deny   3.3.3.3
    15 permit 2.2.2.2
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
You will need to work with a text editor. The way to do it fast is to use !
example:

ip access-list standard test
!
15 permit 2.2.2.2
!
...

so write the correct command and paste. If it doesn't work do <no> before and start the ACL again
It always put the next line at the end.

Author

Commented:
Named ACLs can be edited using the sequence numbers, so that a text editor isn't needed. I've used sequence numbering before and it's worked!

Author

Commented:
I've done a bit more testing in an offline environment and it seems that extended ACLs can be edited using sequence numbers but standard lists cannot- which would explain why the commands listed above didn't work as expected.

Is the same this other people's experience?

Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

I've always copied the access list to a text editor, modified it accordingly, then issued the "no access-list nnn" and then pasted the ENTIRE new access list, including the additional lines.

Works for me!
Sr. Systems Engineer
Top Expert 2008
Commented:
steven, you hit the nail on the head. Works for extended acls only, not standard.

Author

Commented:
Thank you, a great help!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial