06 Dec 2011 - Lab-Rat
One of the things that took me a while to get was how to edit an ACL after I had configured it. I used to just copy/paste the ACL from the running config into Notepad, make my edits, delete it out of the router, then paste it back in. Sometimes that's still the fastest way if you have lots of changes, but for the little stuff, knowing how to edit and resequence by sequence number is helpful. Here's a quick guide:
Router(config)#access-list 10 permit host 192.168.1.2
Router(config)#access-list 10 deny any log
Router(config)#exit
Router#show access-lists
Standard IP access list 10
10 permit 192.168.1.2
20 deny any log
To insert a line in between entries, you just need to find a number in between, then add the line starting with that number. So if we have lines 10 and 20, we can use 15 (or 11, or 17, you get the idea) and just add it directly.
Router(config)#ip access-list standard 10
Router(config-std-nacl)#15 permit host 192.168.1.5
Router(config-std-nacl)#do show access-lists
Standard IP access list 10
10 permit 192.168.1.2
15 permit 192.168.1.5
20 deny any log
Killing a line is easy: just put "no" in front of the line's sequence number.
Router(config)#ip access-list standard 10
Router(config-std-nacl)#no 15
Router(config-std-nacl)#do show access-lists
Standard IP access list 10
10 permit 192.168.1.2
20 deny any log
If you happen to have a list with many edits, you may actually run out of free sequence numbers between two entries and have no room to insert another. If you do, just resequence the list. You specify the access-list number, the starting sequence number, and the increment. Here's how that works:
Router#show access-lists
Standard IP access list 10
10 permit 192.168.1.2
15 permit 192.168.1.5
20 deny any log
Router(config)#ip access-list resequence 10 100 10
Router(config)#do show access-list
Standard IP access list 10
100 permit 192.168.1.2
110 permit 192.168.1.5
120 deny any log
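To make the sequence-number rules concrete, here is a small Python model of a standard ACL. It is an added example, not code from this post or from Cisco: it replays the edits shown above (append, insert at 15, "no 15", resequence 100 10), and also shows two things the console output alone does not: first-match evaluation (an entry inserted at 15 is checked before the deny at 20) and a "free numbers between two entries" check that tells you when you have run out of room. The class names, the `walkthrough()` helper and the sample addresses are all constructed for this illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.IPv4Network("0.0.0.0/0")


def host(addr: str) -> ipaddress.IPv4Network:
    """IOS 'host A.B.C.D' matches exactly one address, i.e. a /32."""
    return ipaddress.IPv4Network(f"{addr}/32")


@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    source: ipaddress.IPv4Network   # host = /32, any = 0.0.0.0/0
    log: bool = False

    def render(self) -> str:
        """Mimic how 'show access-lists' prints a standard ACL entry."""
        if self.source == ANY:
            src = "any"
        elif self.source.prefixlen == 32:
            src = str(self.source.network_address)
        else:
            src = f"{self.source.network_address}, wildcard bits {self.source.hostmask}"
        return f"{self.action} {src}" + (" log" if self.log else "")


class StandardAcl:
    """Toy model (constructed for this example): entries keyed by sequence
    number, evaluated lowest sequence first, with IOS's implicit deny at the end."""

    def __init__(self, number: int):
        self.number = number
        self._entries: dict[int, Entry] = {}

    def append(self, entry: Entry, step: int = 10) -> int:
        """'access-list N permit ...' form: sequence = last + 10 (10 for the first entry)."""
        seq = max(self._entries, default=0) + step
        self._entries[seq] = entry
        return seq

    def insert(self, seq: int, entry: Entry) -> None:
        """'<seq> permit ...' inside 'ip access-list standard N': explicit sequence number."""
        if seq in self._entries:
            raise ValueError(f"sequence {seq} already in use")
        self._entries[seq] = entry

    def delete(self, seq: int) -> Entry:
        """'no <seq>' removes one entry and leaves the others untouched."""
        return self._entries.pop(seq)

    def free_between(self, lo: int, hi: int) -> int:
        """Unused sequence numbers strictly between two entries; zero means no room to insert."""
        return sum(1 for s in range(lo + 1, hi) if s not in self._entries)

    def resequence(self, start: int, step: int) -> None:
        """'ip access-list resequence N start step': keep the order, renumber the entries."""
        ordered = [self._entries[s] for s in sorted(self._entries)]
        self._entries = {start + i * step: e for i, e in enumerate(ordered)}

    def sequences(self) -> list:
        return sorted(self._entries)

    def evaluate(self, addr: str) -> tuple:
        """First-match semantics: (action, sequence). A None sequence is the implicit deny."""
        ip = ipaddress.IPv4Address(addr)
        for seq in sorted(self._entries):
            entry = self._entries[seq]
            if ip in entry.source:
                return entry.action, seq
        return "deny", None

    def show(self) -> list:
        lines = [f"Standard IP access list {self.number}"]
        lines += [f"{seq} {self._entries[seq].render()}" for seq in sorted(self._entries)]
        return lines


def walkthrough() -> dict:
    """Replay the post's edits on ACL 10 and record the state after each step."""
    acl = StandardAcl(10)
    acl.append(Entry("permit", host("192.168.1.2")))
    acl.append(Entry("deny", ANY, log=True))
    after_create = acl.show()

    acl.insert(15, Entry("permit", host("192.168.1.5")))
    inserted_verdict = acl.evaluate("192.168.1.5")   # hits 15 before the deny at 20
    room_left = acl.free_between(10, 15)             # 11..14 still free

    acl.delete(15)
    deleted_verdict = acl.evaluate("192.168.1.5")    # now falls through to 20 deny

    acl.insert(15, Entry("permit", host("192.168.1.5")))
    acl.resequence(100, 10)                          # -> 100, 110, 120
    return {
        "after_create": after_create,
        "inserted_verdict": inserted_verdict,
        "room_left": room_left,
        "deleted_verdict": deleted_verdict,
        "after_resequence": acl.show(),
    }


if __name__ == "__main__":
    for line in walkthrough()["after_resequence"]:
        print(line)
```

The `evaluate` method is the part worth keeping in mind when you insert: the sequence number decides where the entry is checked, so a permit slipped in at 15 takes effect before the `deny any log` at 20, and removing it sends that host straight back to the logged deny.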
Additional Reading:
Cisco Command Reference