Solved

Editing Access list

Posted on 2011-09-06
Last Modified: 2012-05-12
Hi, I have the following access list in a production switch. I need to move 250 permit ip any any (1813685726 matches) to the last, so that the access list entries below "any" will work out.

How do I move the access-list 101 permit ip any any to the last? I tried in the following way:
ip access-list extended 101
no 250..
The moment I give this command my access gets stopped, and I need to log in to the console
and give it again to access through the network.

Kindly help
180 deny tcp any any eq cmd log (11 matches)
    190 deny udp any any eq 550 log
    200 deny tcp any any eq 550 log
    210 deny tcp any any eq 136 log
    220 deny udp any any eq 136 log
    230 deny tcp any any eq 137 log
    240 deny tcp any any eq 138 log
    250 permit ip any any (1813685726 matches)
    260 permit udp any 172.30.38.0 0.0.0.127 eq tftp
    270 permit udp 172.30.38.0 0.0.0.127 any eq tftp
    280 permit udp any host 10.7.144.77 eq tftp
    290 permit udp host 10.7.144.77 any eq tftp
    300 permit udp any host 10.7.144.78 eq tftp
    310 permit udp host 10.7.144.78 any eq tftp
    320 permit tcp any host 172.30.196.215 range 135 139
    330 permit tcp host 172.30.196.215 any range 135 13

Question by:Inisai
5 Comments
 
LVL 6

Accepted Solution

by:
Sanjeevloke earned 200 total points
ID: 36494205
config t
ip access-list extended 101
 permit ip host 10.10.10.10 host 20.20.20.20
 no 250
 permit ip any any

10.10.10.10 I assumed is your router IP which you telnetted to.
20.20.20.20 I assumed is your machine IP from which you telnet.

The second option will be to just remove the ACL from the interface, edit it and reapply it; you will not lose connection.
Or make a second ACL, e.g. 102, with the desired statements, remove the 101 ACL and apply the new one.
0
 

Author Comment

by:Inisai
ID: 36494226
Thanks, but my requirement is to bring 250 permit ip any any to the last line. Can you guide me on this?

The second option provided by you is very much helpful, and I will keep it for my knowledge purposes.

Since I have been given access only to modify ACLs, I cannot disable ACL 101 on the interface, or create a new ACL.

0
 
LVL 6

Expert Comment

by:Sanjeevloke
ID: 36494231
The last line permit ip any any will come in the last sequence...
You can't use the same 250 at the end; the number will change to 340, as I see 330 is the last statement in the above config which you gave.
0
 
LVL 2

Assisted Solution

by:adrianuta2004
adrianuta2004 earned 150 total points
ID: 36494299
You can try this:

permit ip any any
no 250

0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 150 total points
ID: 36494620
340 permit ip any any
no 250
That will add line 340 at the end for permit ip any any and remove line 250
0
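
The edit order given in the last two answers, modelled as an added example (not code from any poster in this thread): a small Python simulation of first-match ACL evaluation with the implicit deny at the end. It uses a subset of ACL 101 from the question and a constructed telnet session between the placeholder addresses 20.20.20.20 and 10.10.10.10 assumed in the accepted answer.

```python
# Constructed model of IOS extended-ACL evaluation: first match by sequence
# number wins, and a packet that matches no entry hits the implicit deny.
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def entry(action, proto, src=ANY, dst=ANY, port=None):
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def base_acl():
    # Subset of ACL 101 from the question (sequence number -> entry).
    tftp_net = ipaddress.ip_network("172.30.38.0/25")  # wildcard 0.0.0.127
    return {
        180: entry("deny", "tcp", port=514),   # "eq cmd" is TCP 514
        230: entry("deny", "tcp", port=137),
        240: entry("deny", "tcp", port=138),
        250: entry("permit", "ip"),
        260: entry("permit", "udp", dst=tftp_net, port=69),
        270: entry("permit", "udp", src=tftp_net, port=69),
    }

def evaluate(acl, pkt):
    for seq in sorted(acl):
        e = acl[seq]
        if (e["proto"] in ("ip", pkt["proto"])
                and pkt["src"] in e["src"] and pkt["dst"] in e["dst"]
                and e["port"] in (None, pkt["dport"])):
            return e["action"], seq
    return "deny", None  # implicit deny at the end of every ACL

# Constructed management session: telnet from an admin PC to the switch.
MGMT = {"proto": "tcp", "src": ipaddress.ip_address("20.20.20.20"),
        "dst": ipaddress.ip_address("10.10.10.10"), "dport": 23}

def remove_first():
    acl = base_acl()
    del acl[250]                      # "no 250" with nothing after it to match
    return evaluate(acl, MGMT)

def add_then_remove():
    acl = base_acl()
    acl[340] = entry("permit", "ip")  # "340 permit ip any any"
    before = evaluate(acl, MGMT)
    del acl[250]                      # "no 250"
    return before, evaluate(acl, MGMT)

if __name__ == "__main__":
    print("no 250 first:    ", remove_first())
    print("340 then no 250: ", add_then_remove())
```

Removing entry 250 first leaves the management session with no matching permit, so it falls through to the implicit deny; adding the new last entry first keeps a matching permit in place at every step.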
