access list order

tonynsx · ‎02-06-2019

Hello,

I have the following access list on my Cisco router. How can I edit the order. For example, if I want to add a deny "15 deny ip host 8.8.8.8 any", so that it's in between 10 and 20, how would I do that?

Extended IP access list 105
10 deny ip host 46.37.13.132 any
20 deny ip host 94.199.182.46 any
30 permit ip any any (5955 matches)

Thanks,

Tony

Rob Ingram · ‎02-06-2019

Hi,
With a numbered access-list you can either use the command "ip access-list resequence access-list-name starting-sequence-number increment." or you would remove the ACL and re-add in the required order.

HTH

Sergey Lisitsin · ‎02-06-2019

RJI,

The resequencing won't do anything to re-arrange the entries in the access list. All it does is it allows you to create/widen the gaps between the entries, so for examlpe if you used the step of 1 and have sequence numbers 1,2,3,4 and 5, then you can't squeeze any new entries between existing ones. In this case, resequencing the access list will allow you to change the step and make these sequence numbers 10,20,30,40 and 50 for examlpe.

Krishan · ‎11-15-2023

ip access-list resequence 100 10 10 # with 100 = access-list number ; 10 = first number in access-list and 10 steps for increment the next number in the access-list

Sergey Lisitsin · ‎02-06-2019

tonynsx,

Very easily done. Instead of using command "access-list 105", use command "ip access-list extended 105".

Then you will be able to just start your line with a new sequence number, for example

15 permit ip host x.x.x.x host y.y.y.y and it will place it between the sequence numbers 10 and 20.