[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 464
  • Last Modified:

Editing Access list

Hi I am having the following access list in a production switch.  i need to move 250 permit ip any any (1813685726 matches) to the last , so the the access list below any will work out.

How to move the access-list 101 permit ip any any to the last .I tried in the following way
ip access-list extended 101
no 250..
The moment i give this command my access get stopped, and i need to login to console.
and give it again to access thru network.

KIndly help
180 deny tcp any any eq cmd log (11 matches)
    190 deny udp any any eq 550 log
    200 deny tcp any any eq 550 log
    210 deny tcp any any eq 136 log
    220 deny udp any any eq 136 log
    230 deny tcp any any eq 137 log
    240 deny tcp any any eq 138 log
    250 permit ip any any (1813685726 matches)
    260 permit udp any 172.30.38.0 0.0.0.127 eq tftp
    270 permit udp 172.30.38.0 0.0.0.127 any eq tftp
    280 permit udp any host 10.7.144.77 eq tftp
    290 permit udp host 10.7.144.77 any eq tftp
    300 permit udp any host 10.7.144.78 eq tftp
    310 permit udp host 10.7.144.78 any eq tftp
    320 permit tcp any host 172.30.196.215 range 135 139
    330 permit tcp host 172.30.196.215 any range 135 13

Open in new window

0
Inisai
Asked:
Inisai
3 Solutions
 
SanjeevlokeCommented:
config t
#ip access-list extended 101
#permit ip host 10.10.10.10 host 20.20.20.20
#no 250
#permit ip any any

10.10.10.10 i assumed is ur router IP which u telneted
20.20.20.20 i assumed ur machine IP from which u telnet.

second option will be just remove the ACL from interface edit it and again reapply ..u will not loose connection.
or make second ACL e.g 102 with desired statements ..remove the 101 ACL and apply new one.
0
 
InisaiAuthor Commented:
Thanks , but my requirement is bring 250 permit ip any any to the last line, Can u guide me on this ..

The second options provided by you , is very much helpful, and will keep for my knowledge purpose.

Since I have been given access only to modify ACL;,s, i cannot disable ACL101 in interface, or create new ACL.

0
 
SanjeevlokeCommented:
last line permit ip any any will come in last sequence ...
u cant use same 250 at last the number will change to 340 ..as i c 330 is last statement in above config which u gave...
0
 
adrianuta2004Commented:
you can try this:

permit ip any any
no 250

0
 
SeeMeShakinMyHeadCommented:
340 permit ip any any
no 250
That will add line 340 at the end for permit ip any any and remove line 250
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now