Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2407
Views
0
Helpful
2
Replies

FWSM access-list.

Jonn cos
Level 4
Level 4

‎06-29-2010 12:54 AM - edited ‎03-06-2019 11:48 AM

Hi experts.

I am using FWSM ver 3.2(5). I am facing problems regarding line number in access-list. See i entered the following

FWSM(config)# access-list temp line 10 per ip host 10.0.0.1 host 20.0.0.1

FWSM(config)# access-list temp line 20 per ip host 10.0.0.1 host 20.0.0.2

FWSM(config)# access-list temp line 15 per ip host 10.0.0.1 host 20.0.0.15

now when i do

FWSM# sh access-list temp
access-list temp; 3 elements
access-list temp line 1 extended permit ip host 10.0.0.1 host 20.0.0.1 (hitcnt=0) 0x49d4a46e
access-list temp line 2 extended permit ip host 10.0.0.1 host 20.0.0.2 (hitcnt=0) 0x8df5c3c1
access-list temp line 3 extended permit ip host 10.0.0.1 host 20.0.0.15 (hitcnt=0) 0x535d5620

Why access-list is not taking my defined line numbers. I am currently managing a security access-list and we need to add/delete IP on quite frequent basis. Do i have always have to copy the entire access-list to notepad and make amendments there ? Can someone help me out pls

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎06-29-2010 12:59 AM 

Jonn.cos88 wrote:
Hi experts.
I am using FWSM ver 3.2(5). I am facing problems regarding line number in access-list. See i entered the following
FWSM(config)# access-list temp line 10 per ip host 10.0.0.1 host 20.0.0.1
FWSM(config)# access-list temp line 20 per ip host 10.0.0.1 host 20.0.0.2
FWSM(config)# access-list temp line 15 per ip host 10.0.0.1 host 20.0.0.15
now when i do
FWSM# sh access-list temp
access-list temp; 3 elements
access-list temp line 1 extended permit ip host 10.0.0.1 host 20.0.0.1 (hitcnt=0) 0x49d4a46e
access-list temp line 2 extended permit ip host 10.0.0.1 host 20.0.0.2 (hitcnt=0) 0x8df5c3c1
access-list temp line 3 extended permit ip host 10.0.0.1 host 20.0.0.15 (hitcnt=0) 0x535d5620
Why access-list is not taking my defined line numbers. I am currently managing a security access-list and we need to add/delete IP on quite frequent basis. Do i have always have to copy the entire access-list to notepad and make amendments there ? Can someone help me out pls

Jon

I'm not sure you can use specific line numbers ie. 10, 15, 20 when entering acl lines but no you don't have to copy the entire access-list to notepad.

From your example above lets say you want to add a new line between 2 & 3 -

access-list temp line 3 permit ip host 10.0.0.1 host 20.0.0.8

this should add the line as line 3 and then the original line 3 should become line 4. Same if you delete a line, the access-list will renumber the remaining entries so you can add and delete into the existing acl.

Jon

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-29-2010 01:01 AM

Hello Jonn,

FWSM allows you to add line in any position for example 2, existing line 2 will be moved to line 3 and so on

you should be able to add or remove lines selectively. just use show access-list to find out the current line numbering

This is different from what happens on Cisco IOS routers where using line x means changing line x to new line

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card