cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
26637
Views
78
Helpful
21
Replies

Access-list wrong order

steuwissen
Beginner
Beginner

Hi all,

I'm trying to edit an access-list, but I experience some problems.

I'm making the following changes:

1. Delete access-list 1

2. Install the commands below

access-list 1 remark == s1
access-list 1 permit ip address 1
access-list 1 remark ==> Network Management <==
access-list 1 remark == s2
access-list 1 permit ip address 2
access-list 1 permit ip address 3
access-list 1 remark == s3
access-list 1 permit ip address 4
access-list 1 remark ==> Scanning Appliances <==
access-list 1 remark == s4
access-list 1 permit ip address 5
access-list 1 permit ip address 6
access-list 1 remark == s5
access-list 1 permit ip address 7
access-list 1 permit ip address 8
access-list 1 permit ip address 9
access-list 1 remark == s6
access-list 1 permit ip address 10
access-list 1 permit ip address 11
access-list 1 permit ip address 12
access-list 1 remark == s7
access-list 1 permit ip address 13
access-list 1 permit ip address 14
access-list 1 permit ip address 15
access-list 1 permit ip address 16
access-list 1 remark == s8
access-list 1 permit ip address 17
access-list 1 permit ip address 18
access-list 1 remark == s9
access-list 1 permit ip address 19
access-list 1 deny any log

3. After issueing show running-config | include access-list 1, I receive this:

access-list 1 remark == s1
access-list 1 permit ip address 1
access-list 1 remark ==> Network Management <==
access-list 1 remark == s2
access-list 1 permit ip address 2
access-list 1 permit ip address 3
access-list 1 remark ==> Scanning Appliances <==
access-list 1 remark == s3
access-list 1 permit ip address 5
access-list 1 remark == s4
access-list 1 permit ip address 4
access-list 1 permit ip address 6
access-list 1 remark == s5
access-list 1 permit ip address 7
access-list 1 permit ip address 8
access-list 1 permit ip address 9
access-list 1 remark == s6
access-list 1 permit ip address 10
access-list 1 permit ip address 11
access-list 1 permit ip address 12
access-list 1 remark == s7
access-list 1 permit ip address 13
access-list 1 permit ip address 14
access-list 1 permit ip address 15
access-list 1 permit ip address 16
access-list 1 remark == s8
access-list 1 permit ip address 17
access-list 1 permit ip address 18
access-list 1 remark == s9
access-list 1 permit ip address 19
access-list 1 deny any log


What is going on here? How can I fix this? I noticed more engineers experience difficulties with these issues.

21 Replies 21

Julio E. Moisa
VIP Mentor VIP Mentor
VIP Mentor

Hi

If you remove a line of a numbered ACL, all the ACL will be removed, in order to avoid it you can use the following sintaxis:

ip access-list standard

*It will be treated as a named ACL without lose its structure (numbered), I mean you will see always the ACL as numbered, it is used to modify an ACL only.

then modify the ACL using sequence number, so you will be able to move up or down, or insert a new line before or after other line, or remove an ACL without affect the entire ACL, example

6 permit host 10.10.10.10   (sequence number 6)

no 6 permit host 10.10.10.10   (removing sequence 6)

Also you can use the following command to verify the current sequence into the ACL:

show access-list 1

Please rate the comment if it is useful or answered the question.

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hello Julio,

Thanks for your reply.

I have tried your solution; unfourtunately it does not work completely. I noticed the sequence numbers are there when executing show access-list 1. But the out of order issue is still present when executing the show run command. There are not seq. numbers available for the remarks, could that be a problem?

Hi

Yes, through show run the sequence will not be displayed just using show access-list, I recommend insert sequence between number in multiples, for example insert the new line between 10 and 15 (11,12,13,14) or remove first the line what you want to move and create it again with the sequence, for example:

no 10 permit host 10.1.1.1
4 permit host 10.1.1.1

Please keep me posted. 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

steuwissen
Beginner
Beginner