Re: delete a item in numbered ACL

From: ccie2be (ccie2be@nyc.rr.com)
Date: Mon Oct 18 2004 - 07:43:32 GMT-3

• Next message: Ian Stong: "RE: delete a item in numbered ACL"
• Previous message: ccie2be: "Re: HSRP vs VRRP vs GLBP"
• Maybe in reply to: hktco: "delete a item in numbered ACL"
• Next in thread: Ian Stong: "RE: delete a item in numbered ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Brian,

With named acl's, is it possible to change the order of acl entries without
redoing the whole list?

Thanks
  ----- Original Message -----
  From: Brian Dennis
  To: ccie2be ; hktco ; ccielab@groupstudy.com
  Sent: Monday, October 18, 2004 12:04 AM
  Subject: RE: delete a item in numbered ACL

  It's actually been around for a long time. Just treat the numbered ACL as a
named ACL.

  See below:

  Rack1R1#show access-list

  Rack1R1#conf t

  Enter configuration commands, one per line. End with CNTL/Z.

  Rack1R1(config)#access-list 100 permit tcp host 1.1.1.1 any eq 23

  Rack1R1(config)#access-list 100 permit tcp host 1.1.1.1 any eq 80

  Rack1R1(config)#access-list 100 deny tcp host 1.1.1.1 any

  Rack1R1(config)#access-list 100 permit ip any any

  Rack1R1(config)#do show access-list

  Extended IP access list 100

      10 permit tcp host 1.1.1.1 any eq telnet

      20 permit tcp host 1.1.1.1 any eq www

      30 deny tcp host 1.1.1.1 any

      40 permit ip any any

  Rack1R1(config)#ip access-list extended 100

  Rack1R1(config-ext-nacl)#no permit tcp host 1.1.1.1 any eq www

  Rack1R1(config-ext-nacl)#exit

  Rack1R1(config)#do show access-list

  Extended IP access list 100

      10 permit tcp host 1.1.1.1 any eq telnet

      30 deny tcp host 1.1.1.1 any

      40 permit ip any any

  Rack1R1(config)#

  Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)

  bdennis@internetworkexpert.com

  Internetwork Expert, Inc.

  http://www.InternetworkExpert.com

  Toll Free: 877-224-8987

  Direct: 775-745-6404 (Outside the US and Canada)

  -----Original Message-----
  From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
  Sent: Friday, October 15, 2004 8:29 PM
  To: hktco; ccielab@groupstudy.com
  Subject: Re: delete a item in numbered ACL

  Yes, it is true. I don't remember all the details, but if you go to the

  Doc-CD under IOS 12.3, you'll see it under New Features in the IP Services

  section.

  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/r
elease/122s14/fsaclseq.htm

  HTH, Tim

  ----- Original Message -----

  From: "hktco" <ccnpcert@hotmail.com>

  To: <ccielab@groupstudy.com>

  Sent: Friday, October 15, 2004 8:49 PM

  Subject: delete a item in numbered ACL

> Hi,

>

> Read that items in a numbered ACL can be deleted without taking down the

> entire ACL. Is it true and how?

>

> hktco

>

> _______________________________________________________________________

> Subscription information may be found at:

> http://www.groupstudy.com/list/CCIELab.html

  _______________________________________________________________________

  Subscription information may be found at:

  http://www.groupstudy.com/list/CCIELab.html

• Next message: Ian Stong: "RE: delete a item in numbered ACL"
• Previous message: ccie2be: "Re: HSRP vs VRRP vs GLBP"
• Maybe in reply to: hktco: "delete a item in numbered ACL"
• Next in thread: Ian Stong: "RE: delete a item in numbered ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:49 GMT-3