Solved

Editing Access list

Posted on 2011-09-06
Last Modified: 2012-05-12
Hi, I have the following access list on a production switch. I need to move 250 permit ip any any (1813685726 matches) to the last position, so that the access-list entries below the any entry will work.

How do I move the access-list 101 permit ip any any to the last position? I tried it in the following way:
ip access-list extended 101
no 250..
The moment I give this command my access stops, and I need to log in to the console
and give it again to get access through the network.

Kindly help.
    180 deny tcp any any eq cmd log (11 matches)
    190 deny udp any any eq 550 log
    200 deny tcp any any eq 550 log
    210 deny tcp any any eq 136 log
    220 deny udp any any eq 136 log
    230 deny tcp any any eq 137 log
    240 deny tcp any any eq 138 log
    250 permit ip any any (1813685726 matches)
    260 permit udp any 172.30.38.0 0.0.0.127 eq tftp
    270 permit udp 172.30.38.0 0.0.0.127 any eq tftp
    280 permit udp any host 10.7.144.77 eq tftp
    290 permit udp host 10.7.144.77 any eq tftp
    300 permit udp any host 10.7.144.78 eq tftp
    310 permit udp host 10.7.144.78 any eq tftp
    320 permit tcp any host 172.30.196.215 range 135 139
    330 permit tcp host 172.30.196.215 any range 135 13

Question by:Inisai
5 Comments
 
LVL 6

Accepted Solution

by:
Sanjeevloke earned 200 total points
ID: 36494205
config t
#ip access-list extended 101
#permit ip host 10.10.10.10 host 20.20.20.20
#no 250
#permit ip any any

10.10.10.10 I assumed is your router IP, which you telnetted to.
20.20.20.20 I assumed is your machine IP, from which you telnet.

The second option is to just remove the ACL from the interface, edit it, and reapply it; you will not lose the connection.
Or make a second ACL, e.g. 102, with the desired statements, remove the 101 ACL, and apply the new one.
0
 

Author Comment

by:Inisai
ID: 36494226
Thanks, but my requirement is to bring 250 permit ip any any to the last line. Can you guide me on this?

The second option provided by you is very helpful, and I will keep it for my knowledge.

Since I have been given access only to modify ACLs, I cannot disable ACL 101 on the interface or create a new ACL.

0
 
LVL 6

Expert Comment

by:Sanjeevloke
ID: 36494231
The last line, permit ip any any, will come in the last sequence ...
You can't use the same 250 at the end; the number will change to 340, as I see 330 is the last statement in the above config which you gave.
0
 
LVL 2

Assisted Solution

by:adrianuta2004
adrianuta2004 earned 150 total points
ID: 36494299
You can try this:

permit ip any any
no 250

0
 
LVL 8

Assisted Solution

by:SeeMeShakinMyHead
SeeMeShakinMyHead earned 150 total points
ID: 36494620
340 permit ip any any
no 250
That will add line 340 at the end for permit ip any any and remove line 250.
0
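
Why the order of the two edits matters, as an added sketch that is not part of the original thread: it replays both orders against a constructed subset of ACL 101 and reports the verdict for the management session after each step. The telnet flow reuses the placeholder addresses from the accepted answer, and `ace`, `evaluate` and `replay` are hypothetical helper names.

```python
import ipaddress

def ace(action, proto, src="0.0.0.0/0", dst="0.0.0.0/0", ports=None):
    """One ACL entry; ports is an inclusive destination-port range, None = any."""
    return (action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), ports)

# Constructed model of part of ACL 101 from the question (line 330 is truncated
# on the page and is left out). "cmd" is tcp/514 and "tftp" is udp/69.
ACL_101 = {
    180: ace("deny", "tcp", ports=(514, 514)),
    230: ace("deny", "tcp", ports=(137, 137)),
    240: ace("deny", "tcp", ports=(138, 138)),
    250: ace("permit", "ip"),
    260: ace("permit", "udp", dst="172.30.38.0/25", ports=(69, 69)),
    280: ace("permit", "udp", dst="10.7.144.77/32", ports=(69, 69)),
    320: ace("permit", "tcp", dst="172.30.196.215/32", ports=(135, 139)),
}

def evaluate(acl, proto, src, dst, dport):
    """Lowest sequence number first, first match wins, no match = implicit deny."""
    for seq in sorted(acl):
        action, p, s, d, ports = acl[seq]
        if p not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in s or ipaddress.ip_address(dst) not in d:
            continue
        if ports and not ports[0] <= dport <= ports[1]:
            continue
        return action, seq
    return "deny", None

def replay(acl, edits, flow):
    """Apply edits one at a time, since each change to an applied ACL is live
    immediately, and record the verdict for the flow after every step."""
    acl, verdicts = dict(acl), []
    for op, seq in edits:
        if op == "no":
            acl.pop(seq)
        else:
            acl[seq] = ace("permit", "ip")
        verdicts.append(evaluate(acl, *flow))
    return verdicts

# Assumed management session: telnet (tcp/23) between the placeholder
# addresses used in the accepted answer.
TELNET = ("tcp", "20.20.20.20", "10.10.10.10", 23)

if __name__ == "__main__":
    print("no 250 first:     ", replay(ACL_101, [("no", 250), ("add", 340)], TELNET))
    print("340 first, no 250:", replay(ACL_101, [("add", 340), ("no", 250)], TELNET))
```

In the same model, tcp/137 to 172.30.196.215 is still dropped by line 230 after the move, because that deny precedes the permit range on line 320.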
