
Adding access-list 52 permit 10.50.1.2

getaway51

Hi,

 

How can I add another access-list 52 permit 10.50.1.2? 

Access rule can't be configured at higher sequence num as it is part of the existing rule at sequence num 50

access-list 52 permit 172.10.4.1
access-list 52 permit 10.50.1.0 0.0.0.255

10 Replies

Hello,

 

The error is generated because host 10.50.1.2 is included in 10.50.1.0 0.0.0.255. If you need that entry, you have to add the access list as below (the entry for 10.50.1.2 would still be redundant, but it can be added):

 

access-list 52 permit 172.10.4.1
access-list 52 permit 10.50.1.2
access-list 52 permit 10.50.1.0 0.0.0.255

Hi,

 

I tried entering the cmd "access-list 52 permit 10.50.1.2" but it doesn't take.

Any specific method?

Hello
You can edit a standard ACL with a higher or lower sequence number without removing it; you just need to specify it first.

Example:

sh access-list

Standard IP access list 52
10 permit xxxx
20 permit xxxx
30 permit xxxx
etc

 

To edit the above:
ip access-list standard 52
5 permit x.x.x.x


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello,

 

What options do you have when entering the access list? If it takes 'access-list 52 permit 172.10.4.1' it should also take 'access-list 52 permit 10.50.1.2'.

 

Delete the existing access list first before entering the edited one:

 

Router#conf t

Router(config)#no access-list 52

Router(config)#access-list 52 permit 172.10.4.1
Router(config)#access-list 52 permit 10.50.1.2
Router(config)#access-list 52 permit 10.50.1.0 0.0.0.255

 

 

Hi,

 

Router(config)#no access-list 52. Does this cmd affect the traffic if the whole ACL is removed?

If possible, I would prefer to insert the add-on ACL in between.

The objective is to see if the new add-on ACL gets any traffic hits, which is why the single-host ACL is specified before the subnet ACL.

 

Hello,

 

What is the access list used for? If you remove it, until you reapply it, all traffic will flow without restriction.

 

That said, whether you use the sequence numbers or not doesn't matter, it will generate the same error if you add the subnet before the host entry.


@getaway51 wrote:

Hi,

If possible, I would prefer to insert the add-on ACL in between.

The objective is to see if the new add-on ACL gets any traffic hits, which is why the single-host ACL is specified before the subnet ACL.


Then edit the ACL instead of removing it!



Kind Regards
Paul

Hi,

 

If the existing list has

10 permit 4.4.4.4

20 deny 4.4.4.0 0.0.0.255

Then I add on 11 permit 4.4.4.5

Typically, to edit an ACL, do we add a sequence number (currently not used) in between, where we want to add it?

Is this the best way to add an entry into an existing configured ACL?

 

Hello,

 

Sequence numbers can indeed be used to insert an access-list entry. The issue with the access list in your original post still remains; it will generate the message regardless of whether or not you use sequence numbers...


@getaway51 wrote:

Hi,

 

If the existing list has

10 permit 4.4.4.4

20 deny 4.4.4.0 0.0.0.255

Then I add on 11 permit 4.4.4.5

Typically, to edit an ACL, do we add a sequence number (currently not used) in between, where we want to add it?

Is this the best way to add an entry into an existing configured ACL?

 


YES -  

 



Kind Regards
Paul
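
The overlap discussed in this thread (host 10.50.1.2 falling inside 10.50.1.0 0.0.0.255) can be checked offline before editing the list. The Python below is an added example, not code from any poster: it finds the first existing standard ACL entry that already matches a new entry and a free sequence number in front of it. The listing, its sequence numbers 10 and 50, and all function names are assumptions; it does not model how IOS accepts or rejects the line.

```python
import ipaddress
import re

# Constructed listing for list 52 with sequence numbers; the numbers are
# assumptions (the thread only mentions an existing rule at sequence 50).
SAMPLE_ACL = """\
10 permit 172.10.4.1
50 permit 10.50.1.0, wildcard bits 0.0.0.255
"""

ENTRY = re.compile(
    r"^\s*(?:(\d+)\s+)?(permit|deny)\s+(?:host\s+)?(any|[\d.]+)"
    r"(?:,?\s+(?:wildcard bits\s+)?([\d.]+))?\s*$")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(line):
    """Return (seq or None, action, address, wildcard); the last two as ints."""
    m = ENTRY.match(line)
    if not m:
        raise ValueError(f"not a standard ACL entry: {line!r}")
    seq, action, addr, wild = m.groups()
    if addr == "any":
        addr, wild = "0.0.0.0", "255.255.255.255"
    return (int(seq) if seq else None, action, _ip(addr), _ip(wild or "0.0.0.0"))

def covers(a_addr, a_wild, b_addr, b_wild):
    """True when every address matched by entry b is also matched by entry a."""
    care = ~a_wild & 0xFFFFFFFF  # bits entry a actually compares
    return (b_wild & care) == 0 and ((a_addr ^ b_addr) & care) == 0

def plan_insert(acl_text, new_entry):
    """Return (seq of first entry already matching new_entry, free seq before it).
    acl_text lines must carry sequence numbers; (None, None) means no overlap."""
    _, _, n_addr, n_wild = parse_entry(new_entry)
    prev = 0
    for line in filter(str.strip, acl_text.splitlines()):
        seq, _, addr, wild = parse_entry(line)
        if covers(addr, wild, n_addr, n_wild):
            free = (prev + seq) // 2
            return seq, (free if prev < free < seq else None)
        prev = seq
    return None, None

if __name__ == "__main__":
    print(plan_insert(SAMPLE_ACL, "permit 10.50.1.2"))
```

A `None` in the second position means there is no unused sequence number between the covering entry and the one before it.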