Beginner

Adding access-list 52 permit 10.50.1.2

Hi,

 

How can I add another access-list 52 permit 10.50.1.2? 

Access rule can't be configured at higher sequence num as it is part of the existing rule at sequence num 50

access-list 52 permit 172.10.4.1
access-list 52 permit 10.50.1.0 0.0.0.255

10 REPLIES 10
VIP Mentor

Re: Adding access-list 52 permit 10.50.1.2

Hello,

 

the error is generated because host 10.50.1.2 is included in 10.50.1.0 0.0.0.255. If you need that entry, you have to add the access list as below (the entry for 10.50.1.2 would still be redundant though, but it can be added):

 

access-list 52 permit 172.10.4.1
access-list 52 permit 10.50.1.2
access-list 52 permit 10.50.1.0 0.0.0.255
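
The overlap described in the reply above (host 10.50.1.2 falls inside 10.50.1.0 0.0.0.255) can be checked offline before changing the router. This is an added example, not part of the original thread and not a Cisco tool; the function names and the sequence numbers in the sample ACL are assumptions.

```python
import ipaddress
import re

# One line of a standard ACL as listed by "show access-lists":
#   "<seq> permit|deny <address> [<wildcard>]"   (no wildcard means a single host)
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(?:host\s+)?(\S+)(?:\s+(\S+))?\s*$")

def parse_entry(line):
    """Return (seq, action, address_int, wildcard_int) for one ACL line."""
    m = ENTRY_RE.match(line)
    if not m:
        raise ValueError(f"not a standard ACL entry: {line!r}")
    seq, action, addr, wild = m.groups()
    if addr == "any":
        return int(seq), action, 0, 0xFFFFFFFF
    return (int(seq), action, int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(wild or "0.0.0.0")))

def covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    _, _, o_addr, o_wild = outer
    _, _, i_addr, i_wild = inner
    care = ~o_wild & 0xFFFFFFFF          # bits that `outer` actually compares
    return (i_wild & care) == 0 and ((o_addr ^ i_addr) & care) == 0

def check_new_entry(acl_lines, new_rule):
    """Find the first existing entry that already matches everything in new_rule.

    Returns (covering_seq, free_seq_before). covering_seq is None when no
    existing entry covers the rule; free_seq_before is None when no unused
    sequence number exists below the covering entry.
    """
    entries = sorted(parse_entry(l) for l in acl_lines)
    new = parse_entry("0 " + new_rule)   # sequence 0 is a throwaway value
    used = {e[0] for e in entries}
    for entry in entries:
        if covers(entry, new):
            free = next((s for s in range(entry[0] - 1, 0, -1) if s not in used), None)
            return entry[0], free
    return None, None

# Constructed sample: the thread's two entries, with sequence numbers assumed
# (the thread's error message only says the covering rule is at sequence 50).
SAMPLE_ACL = ["10 permit 172.10.4.1", "50 permit 10.50.1.0 0.0.0.255"]

if __name__ == "__main__":
    print(check_new_entry(SAMPLE_ACL, "permit 10.50.1.2"))
```

Because an ACL is evaluated top-down and stops at the first match, a covered entry with the same action changes only which line counts the hits, while a covered entry with a different action takes effect only if it is evaluated before the covering line.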

Beginner

Re: Adding access-list 52 permit 10.50.1.2

Hi,

 

I tried to enter the cmd "access-list 52 permit 10.50.1.2" but it doesn't take.

Any specific method?

VIP Mentor

Re: Adding access-list 52 permit 10.50.1.2

Hello
You can edit a standard acl with a higher or lower sequence number without removing it; you just need to specify it first.

example:

sh access-list

Standard IP access list 52
10 permit xxxx
20 permit xxxx
30 permit xxxx
etc

 

To edit the above:
ip access-list standard 52
5 permit x.x.x.x



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
VIP Mentor

Re: Adding access-list 52 permit 10.50.1.2

Hello,

 

what options do you have when entering the access list? If it takes 'access-list 52 permit 172.10.4.1' it should also take 'access-list 52 permit 10.50.1.2'.

 

Delete the existing access list first before entering the edited one:

 

Router#conf t

Router(config)#no access-list 52

Router(config)#access-list 52 permit 172.10.4.1
Router(config)#access-list 52 permit 10.50.1.2
Router(config)#access-list 52 permit 10.50.1.0 0.0.0.255

 

 

Beginner

Re: Adding access-list 52 permit 10.50.1.2

Hi,

 

Router(config)#no access-list 52. Does this cmd affect the traffic if the whole acl is removed?

If possible I would prefer to insert the add-on acl in between.

The objective is to see if the new add-on acl gets any traffic hits, which is why the single-host acl is specified before the subnet acl.

 

VIP Mentor

Re: Adding access-list 52 permit 10.50.1.2

Hello,

 

what is the access list used for? If you remove it, until you reapply it, all traffic will flow without restriction.

 

That said, whether you use the sequence numbers or not doesn't matter, it will generate the same error if you add the subnet before the host entry.

VIP Mentor

Re: Adding access-list 52 permit 10.50.1.2


@getaway51 wrote:

Hi,

If possible I would prefer to insert the add-on acl in between.

The objective is to see if the new add-on acl gets any traffic hits, which is why the single-host acl is specified before the subnet acl.


Then edit the acl instead of removing it!



kind regards
Paul

Beginner

Re: Adding access-list 52 permit 10.50.1.2

Hi,

 

If the existing list has

10 permit 4.4.4.4

20 deny 4.4.4.0 0.0.0.255

Then I add on 11 permit 4.4.4.5

Typically, to edit an acl, do we add a sequence number (currently not used) in between, where we want to add it?

Is this the best way to add an entry into an existing configured ACL?

 

VIP Mentor

Re: Adding access-list 52 permit 10.50.1.2

Hello,

 

sequence numbers can indeed be used to insert an access-list entry. The issue with the access list in your original post still remains, it will generate the message regardless of whether or not you use sequence numbers...

VIP Mentor

Re: Adding access-list 52 permit 10.50.1.2


@getaway51 wrote:

Hi,

 

If the existing list has

10 permit 4.4.4.4

20 deny 4.4.4.0 0.0.0.255

Then I add on 11 permit 4.4.4.5

Typically, to edit an acl, do we add a sequence number (currently not used) in between, where we want to add it?

Is this the best way to add an entry into an existing configured ACL?

 


YES

 



kind regards
Paul
