
Add Std ACL

chrissnop
Level 1

Hi guys, how do I add an ACL to the existing ACL configuration?

Example, I have this one:

Standard IP access list 1
10 deny 11.12.13.14
20 permit any (52181890 matches)

 

I want to add another deny IP.

Can I just simply add like this:

access-list 1 deny host 6.7.8.9

 

Thanks. 


Mark Malone
VIP Alumni
Hi, do:

ip access-list standard 1
11 deny host 6.7.8.9
exit
conf t
ip access-list resequence 1 10 10
exit
sh ip access-lists 1

Thank you, Mark.

Cheers!!!

Hi guys, thank you for your help.

Just another question:

Standard IP access list 1
    10 deny   1.12.13.14
    20 deny   2.15.16.17
    30 deny   3.18.19.20 (21 matches)
    40 permit any (83965005 matches)

So I added the 2 IP Addresses, if I need to add another one, can it be done like this:

The number "13" is for the new block IP:

ip access-list standard 1
13 deny host 5.10.20.30
exit

But how about the re-sequence command, will the command below work?

conf t
ip access-list resequence 1 10 10
exit

Thanks.

Hi

The re-sequence command is optional. I just use it to keep ACLs tidy and in blocks of 10s so you always have room to insert more lines if required; some ACLs can grow to be hundreds of lines long. You can still just put a line in between, say, 10 and 20; you don't have to re-sequence if you don't want to.

And yes, it should work. All it does is change it and fit it in blocks of 10.

Thanks Mark, I thought it was required. Thanks again for the heads up. Cheers!!!  :)

Pawan Raut
Level 4

If you want any ACL statement on top, then use:

ip access-list standard 1
1 deny xxxxx

Thanks, Pawan.
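The sequence-number behaviour discussed in this thread, as an added Python model (not IOS code and not from any poster): it evaluates a standard ACL first-match-wins, so it shows why the position of a new deny relative to `permit any` decides whether it ever matches, and that resequencing renumbers lines without reordering them. The names `StandardAcl` and `build` are hypothetical, and the model assumes an entry entered without a sequence number is placed after the last existing line.

```python
import ipaddress

class StandardAcl:
    """Toy model of a sequence-numbered standard ACL (first match wins)."""
    def __init__(self):
        self.entries = {}  # sequence number -> (action, network)

    def add(self, action, source, seq=None):
        # Assumption: with no sequence number the entry goes after the last line.
        if seq is None:
            seq = max(self.entries, default=0) + 10
        if seq in self.entries:
            raise ValueError(f"sequence {seq} already in use")
        net = "0.0.0.0/0" if source == "any" else source
        self.entries[seq] = (action, ipaddress.ip_network(net))
        return seq

    def resequence(self, start=10, step=10):
        # Renumber in current order; the order of evaluation does not change.
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {start + i * step: e for i, e in enumerate(ordered)}

    def evaluate(self, address):
        # Return (sequence, action) of the first matching line.
        ip = ipaddress.ip_address(address)
        for seq in sorted(self.entries):
            action, net = self.entries[seq]
            if ip in net:
                return seq, action
        return None, "deny"  # implicit deny at the end of every ACL

    def shadowed(self):
        # Lines that can never match because an earlier line covers them.
        seqs = sorted(self.entries)
        return [s for i, s in enumerate(seqs)
                if any(self.entries[s][1].subnet_of(self.entries[p][1]) for p in seqs[:i])]

def build(seq_for_new_entry):
    # Constructed sample: the ACL from the question plus the new deny.
    acl = StandardAcl()
    acl.add("deny", "11.12.13.14", seq=10)
    acl.add("permit", "any", seq=20)
    acl.add("deny", "6.7.8.9", seq=seq_for_new_entry)
    return acl

if __name__ == "__main__":
    for seq in (None, 11):
        acl = build(seq)
        print(seq, acl.evaluate("6.7.8.9"), acl.shadowed())
```

A non-empty `shadowed()` result is a quick audit signal that a deny was added below a broader line and is not doing anything.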
