01-03-2014 01:50 PM - edited 03-07-2019 05:22 PM
If I create an ACL on a Cisco router and apply it to an interface, then I edit the ACL, do I still have to apply it again to the interface? It's already applied so I'm not sure. Also, do I always have to do the "permit any" after I add a rule in the ACL, since it's already there from when I created it?
01-03-2014 02:06 PM
Hello,
You do not need to apply it again, just edit the ACL and that's all. The same for permit any, if there is an entry for this in the ACL you do not need to add it again.
Best Regards,
Jose.
01-03-2014 02:07 PM
No, you won't need to reapply it. You can generally edit while it's in place. The permit any line at the end of the ACL is only needed for outbound traffic usually (depending on the circumstance). There's an implicit deny at the end of the acl and the permit any line overrides that.
The one problem that I see many times is when someone edits the acl thinking that it's going to insert itself into the existing acl - it doesn't unless you tell it to. By default, when you edit the acl, it's going to add it to the end of the line. If you have a "permit any" at the end, and you say you want to deny anyone going to host 1.1.1.1, the acl will look like this:
50 permit ip any any
60 deny ip any host 1.1.1.1
The host will never be denied because it hits line 50 first. To fix that, you have to add the line number before your acl:
45 deny ip any host 1.1.1.1
50 permit ip any any
HTH,
John
*** Please rate all useful posts ***
01-03-2014 02:16 PM
Yes, that's why I use sequence numbers, but how then do you edit the sequence numbers? Copy them into Notepad, edit and then paste?
01-04-2014 02:24 AM
Yes, that's why I use sequence numbers, but how then do you edit the sequence numbers? Copy them into Notepad, edit and then paste?
You remember BASIC?
Sequence numbers are similar. You can say "no 45" and it means remove ACL line 45. Of course you have to specify the ACL name before you can remove the line number.
You can also insert a line between the sequence.
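The first-match ordering and sequence-number editing discussed in this thread, modelled in Python as an added example (it is not code from any poster or from Cisco). It assumes only `any` and `host` operands and ignores the protocol field; the `Acl` class and its method names are hypothetical.

```python
import ipaddress

def parse_operand(tokens):
    """Consume 'any' or 'host A.B.C.D' (the only forms modelled) as a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("unsupported operand: " + word)

class Acl:  # hypothetical model, not an IOS API
    def __init__(self):
        self.entries = {}  # sequence number -> (action, source, destination)

    def add(self, line):
        """'45 deny ip ...' lands at 45; without a number it goes last + 10."""
        tokens = line.split()
        seq = int(tokens.pop(0)) if tokens[0].isdigit() else max(self.entries, default=0) + 10
        action, _protocol = tokens.pop(0), tokens.pop(0)  # protocol not modelled
        self.entries[seq] = (action, parse_operand(tokens), parse_operand(tokens))
        return seq

    def remove(self, seq):
        """Equivalent of 'no 45' inside the named ACL."""
        del self.entries[seq]

    def evaluate(self, src, dst):
        """Return (action, sequence) of the first matching entry."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for seq in sorted(self.entries):
            action, s, d = self.entries[seq]
            if src in s and dst in d:
                return action, seq
        return "deny", None  # implicit deny at the end of the ACL

    def shadowed(self):
        """Sequence numbers fully covered by an earlier entry, so never reached."""
        order = sorted(self.entries)
        def covers(early, late):
            return (self.entries[late][1].subnet_of(self.entries[early][1]) and
                    self.entries[late][2].subnet_of(self.entries[early][2]))
        return [s for i, s in enumerate(order) if any(covers(e, s) for e in order[:i])]

if __name__ == "__main__":
    acl = Acl()  # constructed sample entries, taken from the thread's example
    acl.add("50 permit ip any any")
    print(acl.add("deny ip any host 1.1.1.1"), acl.shadowed())
```

Running `shadowed()` over an exported ACL before and after an edit flags a deny that was appended behind a broader permit.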