Solved

Editing Access list

Posted on 2011-09-06
Last Modified: 2012-05-12
Hi, I have the following access list on a production switch. I need to move 250 permit ip any any (1813685726 matches) to the last line, so that the access list entries below the any will work.

How do I move the access-list 101 permit ip any any to the last line? I tried it in the following way:
ip access-list extended 101
no 250..
The moment I give this command my access stops, and I need to log in to the console
and give it again to get access through the network.

Kindly help.
    180 deny tcp any any eq cmd log (11 matches)
    190 deny udp any any eq 550 log
    200 deny tcp any any eq 550 log
    210 deny tcp any any eq 136 log
    220 deny udp any any eq 136 log
    230 deny tcp any any eq 137 log
    240 deny tcp any any eq 138 log
    250 permit ip any any (1813685726 matches)
    260 permit udp any 172.30.38.0 0.0.0.127 eq tftp
    270 permit udp 172.30.38.0 0.0.0.127 any eq tftp
    280 permit udp any host 10.7.144.77 eq tftp
    290 permit udp host 10.7.144.77 any eq tftp
    300 permit udp any host 10.7.144.78 eq tftp
    310 permit udp host 10.7.144.78 any eq tftp
    320 permit tcp any host 172.30.196.215 range 135 139
    330 permit tcp host 172.30.196.215 any range 135 13

Question by:Inisai
5 Comments
 
LVL 6

Accepted Solution

by:
Sanjeevloke earned 200 total points
ID: 36494205
config t
#ip access-list extended 101
#permit ip host 10.10.10.10 host 20.20.20.20
#no 250
#permit ip any any

10.10.10.10 I assumed is your router IP to which you telnetted.
20.20.20.20 I assumed is your machine IP from which you telnet.

The second option is to just remove the ACL from the interface, edit it, and reapply it; you will not lose connection.
Or make a second ACL, e.g. 102, with the desired statements, remove the 101 ACL and apply the new one.
0
 

Author Comment

by:Inisai
ID: 36494226
Thanks, but my requirement is to bring 250 permit ip any any to the last line. Can you guide me on this?

The second option provided by you is very helpful, and I will keep it for my knowledge.

Since I have been given access only to modify ACLs, I cannot disable ACL 101 on the interface or create a new ACL.

0
 
LVL 6

Expert Comment

by:Sanjeevloke
ID: 36494231
The last line, permit ip any any, will come in the last sequence...
You can't use the same 250 at the end; the number will change to 340, as I see 330 is the last statement in the above config which you gave...
0
 
LVL 2

Assisted Solution

by:adrianuta2004
adrianuta2004 earned 150 total points
ID: 36494299
You can try this:

permit ip any any
no 250

0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 150 total points
ID: 36494620
340 permit ip any any
no 250
That will add line 340 at the end for permit ip any any and remove line 250
0
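The lockout described in the question and the command order used in the answers, modelled as an added example (not code from this thread): a first-match evaluator over a hand-encoded, constructed subset of ACL 101. The management session (telnet from 192.0.2.10 to 192.0.2.1) is an assumption, as is that ACL 101 filters it; `cmd` is taken as TCP 514 and `tftp` as UDP 69.

```python
import ipaddress

# Constructed subset of ACL 101: (seq, action, proto, src, dst, dst_ports); None = any.
ACL = [
    (180, "deny", "tcp", None, None, (514, 514)),                 # eq cmd
    (250, "permit", "ip", None, None, None),
    (280, "permit", "udp", None, "10.7.144.77/32", (69, 69)),     # eq tftp
    (320, "permit", "tcp", None, "172.30.196.215/32", (135, 139)),
]
# Assumed management session (documentation addresses): telnet to the switch.
MGMT = {"proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.1", "dport": 23}

def matches(entry, pkt):
    _, _, proto, src, dst, ports = entry
    if proto not in ("ip", pkt["proto"]):
        return False
    for net, addr in ((src, pkt["src"]), (dst, pkt["dst"])):
        if net and ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
            return False
    return ports is None or ports[0] <= pkt["dport"] <= ports[1]

def evaluate(acl, pkt):
    """First match wins; falling off the end is the implicit deny."""
    for entry in sorted(acl, key=lambda e: e[0]):
        if matches(entry, pkt):
            return entry[1], entry[0]
    return "deny", None

def apply_cmd(acl, cmd):
    """Apply 'no <seq>' or '<seq> permit ip any any', the commands used in the answers."""
    words = cmd.split()
    if words[0] == "no":
        return [e for e in acl if e[0] != int(words[1])]
    return acl + [(int(words[0]), "permit", "ip", None, None, None)]

def session_survives(acl, cmds, pkt):
    """True only if pkt is still permitted after every individual command."""
    for cmd in cmds:
        acl = apply_cmd(acl, cmd)
        if evaluate(acl, pkt)[0] != "permit":
            return False
    return True

def shadowed(acl):
    """Sequence numbers placed after a match-all entry, which can never be hit."""
    catch_all = [e[0] for e in acl if e[2:] == ("ip", None, None, None)]
    return sorted(e[0] for e in acl if catch_all and e[0] > min(catch_all))

print(session_survives(ACL, ["no 250"], MGMT), session_survives(ACL, ["340 permit ip any any", "no 250"], MGMT))
```

Each command takes effect as soon as it is entered, which is why the check runs after every step rather than only on the final list.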