Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel

Reader Tip - Resequence Entries in an ACL

41098
Views
25
Helpful
4
Comments
Julie Burruss
Enthusiast
‎03-30-2011 07:08 AM
edited on: ‎03-01-2019 ‎04:38 PM

This month's tip from Kasiraman Eljay explains how the "ip access-list resequence" command can be very helpful.  Thanks to Kasiraman for sending in his favorite tip!

I found the “ip access-list resequence” command for an ACL to be very helpful. Most of the time network operators try to remove the ACL, edit the entries in notepad, and then paste the ACL back in via the CLI.  Resequencing the ACL can reduce the overhead to accomplish this when specific edits are needed.

Take for example the following ACL to illustrate the concept:

Router_#sh ip access-lists TEST

Extended IP access list TEST

2 permit ip host 10.10.10.1 host 10.10.10.2

3 permit ip host 10.10.10.3 host 10.10.10.4

Now let’s assume that an entry is needed between the two existing lines in the ACL.

To do this we need to have a gap in the middle so let’s assign a new set of sequence numbers.

Router_(config)#ip access-list resequence TEST 10 10

This starts the first entry with a sequence number of 10 and increments all new lines by 10. The result is:

Router_#sh ip access-lists TEST

Extended IP access list TEST

10 permit ip host 10.10.10.1 host 10.10.10.2

20 permit ip host 10.10.10.3 host 10.10.10.4

Now it’s easy to insert a new ACL entry with a sequence number of say 15 that would fall between the two existing entries in the TEST access-list.

The Configuration URL for reference is:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html

Subscribe to the TS Newsletter today at:

https://tools.cisco.com/gdrp/coiga/showsurvey.do?surveyCode=474&keyCode=123668_1

Comments
George Johnston
Beginner
Beginner
‎05-06-2011 07:35 AM
‎05-06-2011 07:35 AM

One caveat to keep in mind with this is if you use remarks in your ACL for documenting entries, they get screwed up using this technique.

rhbmcse
Beginner
Beginner
‎11-09-2017 07:16 AM
‎11-09-2017 07:16 AM

For a trainee CCNA student - I googled this straight after doing the training - the immediate question was "what if the ACL list needs the orders changing then" - which wasn't covered in my course.  I can see this being a real-life scenario that could bite you quite hard.  Thanks for sharing.

brandon.m.strode1
Beginner
Beginner
‎02-15-2018 08:56 AM
‎02-15-2018 08:56 AM

 This command is very useful as I worked in a hub node for the army that used sequencing and was never told of this command.  Like many others they would pull entire acls out just to resequence them.  if you need to add or remove or even move the acl this is a very easy task to accomplish.  once moving, removing, or  adding to the acl just re run the resequence command and your back to a clean acl.  Love it.

anilkumar.cisco
Enthusiast
Enthusiast
‎05-14-2020 12:24 AM
‎05-14-2020 12:24 AM

thanks.. but the provided link is not working.. seems outdated.. Pls update new link.. thanks..

Latest Contents
max sdwan tunnels supported
Created by avdheshkumar on 06-24-2022 09:14 PM
0
0
0
0
Hi All,   plannign to deploy sdwan for around 100 sites with cat8300 routers at each site. can you help me with the max number of tunnels supported .   Regards, Avdhesh 
Upgrade Internet router with new ISP for NEW BGP as a second...
Created by byme88 on 06-24-2022 04:59 PM
3
5
3
5
I have an existing Internet router Cisco 3945 that have an existing BGP connection, I am planning to replace this router with a new Cisco 4331, adding an additional Gigabit interface to peering with a NEW ISP for another BGP peering. The goal is to termin... view more
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Cisco RSP4+ (R5000) traceback logs
Created by oscar.garciaj8 on 06-24-2022 02:43 PM
2
0
2
0
Hi !   I have faced this traceback logs , do you know what does that mean?       Jun 23 08:50:17: %CONTROLLER-5-UPDOWN: Controller E1 0/0/3, changed state to up Jun 23 09:02:40: %RSP-3-SLAVECHANGE: Slave changed state from Slave to... view more
How to recovery password on cisco nexus 3k
Created by Gerardo Gzz on 06-24-2022 11:42 AM
1
0
1
0
FriendsI want to recover the admin password and i follow the procedure of recovery password but the keys for break the boot process doesnt works.There are the keys that i was using CTRL ]  ,, CTR L ,  CTR C , ESCI need to reach the boot loa... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad