cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
712
Views
0
Helpful
1
Replies

ACL on ASA - line command

GRANT3779
Spotlight
Spotlight

Hi There,

I am creating a new ACL on an ASA.

I used the following commands

access-list VLAN127_IN line 20 remark ***Deny Traffic to Rest of Lan***
access-list VLAN127_IN line 30 extended deny ip 192.168.127.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0) 0x44b972b4
access-list VLAN127_IN line 40 extended deny ip 192.168.127.0 255.255.255.0 172.16.0.0 255.240.0.0 (hitcnt=0) 0xd0b6df6b
access-list VLAN127_IN line 50 extended deny ip 192.168.127.0 255.255.255.0 192.168.128.0 255.255.255.0 (hitcnt=0) 0xded09fe7
 

 

etc..

So I ever need to squeeze a new line in the middle of the ACL at any point I could use a number in between the current lines.

 

When I do a show access-list however it hasn't used my increments of 10, 20, 30 etc..The lines just go up 1,2,3,4 etc..

Is there a way round this?

access-list VLAN127_IN line 2 remark ***Deny Traffic to Rest of Lan***
access-list VLAN127_IN line 3 extended deny ip 192.168.127.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0) 0x44b972b4
access-list VLAN127_IN line 4 extended deny ip 192.168.127.0 255.255.255.0 172.16.0.0 255.240.0.0 (hitcnt=0) 0xd0b6df6b
access-list VLAN127_IN line 5 extended deny ip 192.168.127.0 255.255.255.0 192.168.128.0 255.255.255.0 (hitcnt=0) 0xded09fe7
 

1 Reply 1

kevin_giusti
Level 1
Level 1

When you use the line command with an access list it will insert the ACL in that spot and increment all lower entries by 1.

You shouldn't need to use increments of 10, 20, 30 since the ASA ACLs are pretty flexible but if you wanted to you would have to use the line command in your ACL.

Thanks,

Kevin

 

Review Cisco Networking for a $25 gift card