
Reader Tip - Resequence Entries in an ACL


This month's tip from Kasiraman Eljay explains how the "ip access-list resequence" command can be very helpful.  Thanks to Kasiraman for sending in his favorite tip!

I found the “ip access-list resequence” command for an ACL to be very helpful. Most of the time network operators try to remove the ACL, edit the entries in notepad, and then paste the ACL back in via the CLI.  Resequencing the ACL can reduce the overhead to accomplish this when specific edits are needed.

Take for example the following ACL to illustrate the concept:

Router_#sh ip access-lists TEST
Extended IP access list TEST
    2 permit ip host 10.10.10.1 host 10.10.10.2
    3 permit ip host 10.10.10.3 host 10.10.10.4

Now let’s assume that an entry is needed between the two existing lines in the ACL.

To do this we need to have a gap in the middle so let’s assign a new set of sequence numbers.

Router_(config)#ip access-list resequence TEST 10 10

This assigns the first entry a sequence number of 10 and numbers each subsequent entry in increments of 10. The result is:

Router_#sh ip access-lists TEST
Extended IP access list TEST
    10 permit ip host 10.10.10.1 host 10.10.10.2
    20 permit ip host 10.10.10.3 host 10.10.10.4

Now it’s easy to insert a new ACL entry with a sequence number of, say, 15, which falls between the two existing entries in the TEST access-list.

The Configuration URL for reference is:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html


Comments
George Johnston
Beginner

One caveat to keep in mind with this is if you use remarks in your ACL for documenting entries, they get screwed up using this technique.

rhbmcse
Beginner

For a trainee CCNA student - I googled this straight after doing the training - the immediate question was "what if the ACL list needs the orders changing then" - which wasn't covered in my course.  I can see this being a real-life scenario that could bite you quite hard.  Thanks for sharing.

This command is very useful, as I worked in a hub node for the army that used sequencing and was never told of this command. Like many others, they would pull entire ACLs out just to resequence them. If you need to add or remove or even move the ACL, this is a very easy task to accomplish. Once moving, removing, or adding to the ACL, just re-run the resequence command and you're back to a clean ACL. Love it.

anilkumar.cisco
Participant

Thanks, but the provided link is not working. It seems outdated. Please update with a new link. Thanks.