One of the things that took me a while to get was how to edit an ACL after I had configured it. I used to just copy/paste the ACL from the running config into Notepad, make my edits, delete the ACL from the router, then paste it back in. Sometimes that's still the fastest way if you have lots of changes, but for the little stuff, knowing how to edit and resequence is helpful. Here's a quick guide:

Create a Simple Standard Access List:

Router(config)#access-list 10 permit host 192.168.1.2
Router(config)#access-list 10 deny any log
Router(config)#exit

Verify the Access List:

Router#show access-lists
Standard IP access list 10
10 permit 192.168.1.2
20 deny any log

Add a Line in Between Existing Entries:

To insert a line between existing entries, pick an unused sequence number that falls between them and start the new line with that number. So if we have lines 10 and 20, we can use 15 (or 11, or 17, you get the idea) and just add it directly.

Router(config)#ip access-list standard 10
Router(config-std-nacl)#15 permit host 192.168.1.5

Router(config-std-nacl)#do show access-lists
Standard IP access list 10
10 permit 192.168.1.2
15 permit 192.168.1.5
20 deny any log

Delete an Existing Entry:

Killing a line is easy: just put "no" in front of the line number.

Router(config)#ip access-list standard 10
Router(config-std-nacl)#no 15
Router(config-std-nacl)#do show access-lists
Standard IP access list 10
10 permit 192.168.1.2
20 deny any log

Renumber an Access List:

If you happen to have a list with many edits, you may actually run out of room to insert additional entries. If you do, just renumber the list. You specify the access list number, starting number, and increment. Here's how that works:

Router#show access-lists
Standard IP access list 10
10 permit 192.168.1.2
15 permit 192.168.1.5
20 deny any log

Router(config)#ip access-list resequence 10 100 10
Router(config)#do show access-list
Standard IP access list 10
100 permit 192.168.1.2
110 permit 192.168.1.5
120 deny any log
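
The insert and renumber steps above can be planned from "show access-lists" output before touching the router. The following Python sketch is an added example, not part of the original article: it parses the output format shown here and returns the config-mode commands for an insert, putting a resequence first when there is no free number. The function names, the sample list and the rule for 192.168.1.9 are constructed for illustration.

```python
import re

# Constructed sample in the article's "show access-lists" format; entries
# 10 and 11 are adjacent, so there is no free number between them.
SAMPLE = """\
Standard IP access list 10
    10 permit 192.168.1.2
    11 permit 192.168.1.5
    20 deny any log
"""

def parse_acl(show_output):
    """Return (acl_id, [(seq, rule), ...]) for one standard ACL."""
    acl_id, entries = None, []
    for line in show_output.splitlines():
        line = line.strip()
        header = re.match(r"Standard IP access list (\S+)$", line)
        entry = re.match(r"(\d+)\s+(\S.*)$", line)
        if header:
            acl_id = header.group(1)
        elif entry:
            entries.append((int(entry.group(1)), entry.group(2)))
    if acl_id is None or not entries:
        raise ValueError("no standard ACL found in input")
    return acl_id, sorted(entries)

def plan_insert(show_output, after_seq, rule, start=10, step=10):
    """Config-mode commands that place `rule` directly after `after_seq`."""
    if step < 2:
        raise ValueError("step must leave room between entries")
    acl_id, entries = parse_acl(show_output)
    seqs = [seq for seq, _ in entries]
    if after_seq not in seqs:
        raise ValueError(f"no entry {after_seq} in access list {acl_id}")
    pos, cmds = seqs.index(after_seq), []
    last = pos == len(seqs) - 1
    if not last and seqs[pos + 1] - after_seq < 2:
        # Out of room: renumber first, then recompute the neighbours.
        cmds.append(f"ip access-list resequence {acl_id} {start} {step}")
        seqs = [start + i * step for i in range(len(seqs))]
        after_seq = seqs[pos]
    new_seq = after_seq + step if last else (after_seq + seqs[pos + 1]) // 2
    return cmds + [f"ip access-list standard {acl_id}", f"{new_seq} {rule}"]

if __name__ == "__main__":
    for cmd in plan_insert(SAMPLE, 10, "permit host 192.168.1.9"):
        print(cmd)
```

Because entries are matched top-down, choosing the entry to insert after is what decides whether the new permit is reached before the "deny any log" line.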

Additional Reading:
Cisco Command Reference


Setting a Preferred Route with Equal Cost Routes in EIGRP

There are basically three ways to prefer one equal cost route over another in EIGRP. All three either change the metric (modify delay or the composite metric), or change the administrative distance. Method 1, Changing the Metric by Modifying Delay Since EIGRP only uses the lowest link bandwidth and cumulative delay in the default metric […]


DHCP Configuration Tips

On the CCIE lab, we may have to configure a DHCP server. Here’s a quick configuration, as well as a few helpful commands for doing that quickly and easily. Sample Config !disable address conflict logging R702(config)#no ip dhcp conflict logging !exclude addresses R702(config)#ip dhcp excluded-address x.x.x.x [y.y.y.y] !create the address pool R702(config)#ip dhcp pool name […]


Route Filtering with an EIGRP Distribute List

The Lab Configuration It doesn’t get much simpler than this: just a few routers in a row. For this exercise, we’re only concerned about R1 and R2. Here’s the route table before filtering. R1#show ip route C 1.0.0.0/8 is directly connected, Loopback1 D 2.0.0.0/8 [90/156160] via 172.16.12.2, 00:22:51, FastEthernet0/0 D 3.0.0.0/8 [90/158720] via 172.16.12.2, 00:52:04, […]


Redistribution Tips

Protocol Specific Configuration Notes OSPF – use the subnets command. If a metric is not specified, OSPF sets it to 20, except for BGP, which gets set to 1. EIGRP – specify a metric for the redistributed routes, or use the default-metric command. 10000 100 255 100 1500 works fine. Good idea to add no auto-summary […]
