Solved: Re: Access list Configuration

Ganesh Devarshetty · ‎07-31-2023

I want to add an entry in existing access-list & want to preserve the sequence number how can this be done.

For E.g

ip access-list extended abc
250 permit tcp x.x.x.x 0.0.0.255 host c.c.c.c eq 443
260 permit tcp y.y.y.y 0.0.0.255 host d.d.d.d eq 443
270 deny ip z.z.z.z 0.0.0.255 a.a.a.a 0.255.255.255
280 permit ip any any

I want to add an entry between 250 & 260 but also want to preserve the standard sequence.

Flavio Miranda · ‎07-31-2023

Hi @Ganesh Devarshetty

You can add the sequency you need and after that you can use the command

ip access-list resequence abc 250 10

It will organize from 250 up to the last line counting 10 in 10.

View solution in original post

MHM Cisco World · ‎07-31-2023

You can add line 255.

Ganesh Devarshetty · ‎07-31-2023

Hi, I want the sequence number should have the difference of 10..

MHM Cisco World · ‎07-31-2023

Let try this in lab update you after 15 min

MHM Cisco World · ‎07-31-2023

this lab I add 255 between two line 250 and 260 and then resequnce 10 10

((Or 250 10) it depends one which steps sequence start.)

M02@rt37 · ‎07-31-2023

Hello @Ganesh Devarshetty

To add a new entry between sequence numbers 250 and 260 in the existing access-list while preserving the standard sequence, you can use the "sequence" keyword along with a new sequence number for the new entry.

You say "I want to add an entry between 250 & 260 but also want to preserve the standard sequence."

By inserting the new entry with sequence number 255, it will be placed between the existing sequence numbers 250 and 260, while preserving the original sequence order. This way, the new entry is added at the desired position in the access-list without affecting the existing sequence numbers.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Ganesh Devarshetty · ‎07-31-2023

Hi, I want the sequence number should have the difference of 10..

M02@rt37 · ‎07-31-2023

OK @Ganesh Devarshetty

Rewrite you ACL and copy paste your ACL updated!

You want the sequence number should have the difference of 10.... then how you want add an entry between 250 & 260 ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Ganesh Devarshetty · ‎07-31-2023

I want the output should be like below.

Below or between 250 adding new entry should 260 has the new sequence number and other entries should get updated..this that possible ?

ip access-list extended abc
250 permit tcp x.x.x.x 0.0.0.255 host c.c.c.c eq 443

260 permit tcp e.e.e.e 0.0.0.255 host f.f.f.f eq443
270 permit tcp y.y.y.y 0.0.0.255 host d.d.d.d eq 443
280 deny ip z.z.z.z 0.0.0.255 a.a.a.a 0.255.255.255
290 permit ip any any

MHM Cisco World · ‎07-31-2023

see my lab above,
by the way my answer is same as @Flavio Miranda answer.
thanks
MHM

M02@rt37 · ‎07-31-2023

OK @Ganesh Devarshetty

~~Not possible for that "automatic" updated way! No automatic shift for that sequence number.~~

You have to rewrite you ACL and copy paste your ACL updated!

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Ganesh Devarshetty · ‎07-31-2023

This commands works..ip access-list resequence abc 250 10

M02@rt37 · ‎07-31-2023

Perfect!

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Flavio Miranda · ‎07-31-2023

Hi @Ganesh Devarshetty

You can add the sequency you need and after that you can use the command

ip access-list resequence abc 250 10

It will organize from 250 up to the last line counting 10 in 10.