This month's tip from Kasiraman Eljay explains how the "ip access-list resequence" command can be very helpful. Thanks to Kasiraman for sending in his favorite tip!
I found the “ip access-list resequence” command for an ACL to be very helpful. Most of the time network operators try to remove the ACL, edit the entries in Notepad, and then paste the ACL back in via the CLI. Resequencing the ACL reduces that overhead when only specific edits are needed.
Take for example the following ACL to illustrate the concept:
Router_#sh ip access-lists TEST
Extended IP access list TEST
2 permit ip host 10.10.10.1 host 10.10.10.2
3 permit ip host 10.10.10.3 host 10.10.10.4
Now let’s assume that an entry is needed between the two existing lines in the ACL.
To do this, we need a gap between the two entries, so let’s assign a new set of sequence numbers.
Router_(config)#ip access-list resequence TEST 10 10
This gives the first entry a sequence number of 10 and increments each subsequent entry by 10. The result is:
Router_#sh ip access-lists TEST
Extended IP access list TEST
10 permit ip host 10.10.10.1 host 10.10.10.2
20 permit ip host 10.10.10.3 host 10.10.10.4
Now it’s easy to insert a new ACL entry with a sequence number of, say, 15, which falls between the two existing entries in the TEST access-list.
The Configuration URL for reference is:
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html