https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4121794#M561798 <P>Hi,</P><P>&nbsp;</P><P>1.which type of ACL allow for removing a single entery without removing the entire ACL?</P><P>2. which type of ACL allows you to open port only after someone has successfully logged into router?</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 20 Jul 2020 12:10:31 GMT Yanaqr 2020-07-20T12:10:31Z https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4121794#M561798 <P>Hi,</P><P>&nbsp;</P><P>1.which type of ACL allow for removing a single entery without removing the entire ACL?</P><P>2. which type of ACL allows you to open port only after someone has successfully logged into router?</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 20 Jul 2020 12:10:31 GMT https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4121794#M561798 Yanaqr 2020-07-20T12:10:31Z https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4121922#M561801 <P>&nbsp;</P> <P>you can have ACL with only number replace and add, rather removing all ACL.</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-acl-seq-num.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-acl-seq-num.html</A></P> <P>&nbsp;</P> <P>which type of ACL allows you to open port only after someone has successfully logged into router?</P> <P>&nbsp;</P> <P>required more information and example of the use case - since this can be achieved in different ways.</P> <P>&nbsp;</P> Mon, 20 Jul 2020 15:28:18 GMT https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4121922#M561801 balaji.bandi 2020-07-20T15:28:18Z https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4122172#M561812 <P>&nbsp;</P><P>All standard, extended, and Named ACLs allow for removing a single entry without removing the entire ACL; Long time ago, like pre-IOS 12.2 or around that time, standard ACL could not be edited such way.&nbsp;&nbsp; New IOS fixed that issue by applying <EM>numbering</EM> to ACL entries.</P><P>If you look at category like traditional ACL (old standard acl) vs Named acl vs Numbered acl (extended and new standard acls), then "old" traditional could not be edited (at least the easy way).</P><P>There are other ACL categorizes: Role-based, Time-based, reflexive ACLs, and dynamic ACL</P><P><EM>will attach source link once i lookup my notes</EM></P><P>&nbsp;</P><P>Regards, ML<BR />**Please Rate All Helpful Responses **</P><P>&nbsp;</P> Mon, 20 Jul 2020 22:48:21 GMT https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4122172#M561812 Martin L 2020-07-20T22:48:21Z https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4122198#M561813 <BR />Re: Q.2. looks like the Dynamic ACLs or lock-and-key ACLs are created to allow user access to a specific source/destination host through a user authentication process. Cisco implementations utilize IOS Firewall capabilities and do not hinder existing security restrictions.<BR />source:<BR />(<A href="https://community.cisco.com/t5/security-documents/acl/ta-p/3113522#toc-hId--767837352" target="_blank">https://community.cisco.com/t5/security-documents/acl/ta-p/3113522#toc-hId--767837352</A>) Mon, 20 Jul 2020 22:49:05 GMT https://community.cisco.com/t5/network-access-control/two-questions-acl/m-p/4122198#M561813 Martin L 2020-07-20T22:49:05Z