Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
345
Views
0
Helpful
1
Replies

how to add another line into existing access-list without interrupting other ACL

getaway51
Level 2
Level 2

‎08-13-2019 10:43 PM

Hi,

 

1)May i know how to add additional line into existing access-list? If i add it, will it prompt whether it will put at top or bottom line position or how does the positioning of new line works for existing ACL? 

 

2)If I add new ACL cmd into an interface, will it interrupt any traffic? Let's say i permit any any. i.e will applying ACL will affect even a single ping drop?

 

3)By default, it is last line is "deny any any" even though not shown in the newly created access-list?

Therefore if there is no permit entry, then the new ACL will deny everything?

 

Thanks!

Labels:
0 Helpful
1 Reply 1

Seb Rupik
VIP Alumni
VIP Alumni

‎08-14-2019 12:01 AM

Hi there,

To answer your questions:

 

1) All ACLs can be prefixed with a sequence number. Typically each ACE in an ACL is sequentially numbered from 10 in increments of 10. This means if you wanted to insert an ACE between line 10 and 20 you would do something like:

!
ip access-list ex FOO
  15 permit ip 192.168.11.0 255.255.255.0 any
!

 

So the ACL would look like

Extended ip access list FOO
  10 permit 192.168.10.0 255.255.255.0 any
  15 permit 192.168.11.0 255.255.255.0 any
  20 permit 192.168.20.0 255.255.255.0 any

 2) Yes, the ACL should be added to the interface without interrupting traffic.

 

3) it is true that all ACLs have an implicitly deny at the end, with one exception that when the ACL is empty an implicit permit any any is present.

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card