How do I modify an extended access-list?

Using the CLI to edit ACLs

You can use the CLI to delete individual ACEs from anywhere in an ACL, append new ACEs to the end of an ACL, and insert new ACEs anywhere within an ACL.

  • Named ACLs:

    • When you enter a new ACE in a named ACL without specifying a sequence number, the switch inserts the ACE as the last entry in the ACL.

    • When you enter a new ACE in a named ACL and include a sequence number, the switch inserts the ACE according to the position of the sequence number in the current list of ACEs.

  • Numbered ACLs: When using the access-list <1-99|100-199> command to create or add ACEs to a numbered ACL, each new ACE you enter is added to the end of the current list. (This command does not offer an option for including a sequence number to enable inserting an ACE at other points in the list.) Note, however, that once a numbered list has been created, you have the option of accessing it in the same way as a named list by using the ip access-list command. This enables you to edit a numbered list in the same way that you would edit a named list. (See the next item in this list.)

  • You can delete any ACE from any ACL (named or numbered) by using the ip access-list command to enter the ACL's context, and then using the no command; see Deleting an ACE from an existing ACL.

  • Deleting the last ACE from an ACL leaves the ACL in memory. In this case, the ACL is "empty" and cannot perform any filtering tasks. (In any ACL the Implicit Deny does not apply unless the ACL includes at least one explicit ACE.)

How to edit a Named Access Control List (ACL) on a router

Before continuing, refer to the Introduction to Access Control Lists (ACLs) lesson if you are not familiar with Access Control Lists.

Refer to the Standard Access Control Lists lesson if you are not familiar with the Standard Access Control List (ACL) configuration IOS commands.

Refer to the Extended Access Control Lists (ACLs) lesson if you are not familiar with the Extended Access Control List configuration IOS commands.

Refer to the Named Access Control Lists (ACLs) lesson if you are not familiar with the Named Access Control List configuration IOS commands.

Refer to the Extended Named Access Control Lists (ACLs) lesson if you are not familiar with the Extended Named Access Control List configuration IOS commands.

How to view an existing Named Access Control List (ACL) by using the "show ip access-lists" IOS command

You can view an existing Access Control List (ACL) using the "show ip access-lists" IOS command as shown below.

Router01>enable
Router01#show ip access-lists BLOCK_WS03
Extended IP access list BLOCK_WS03
    10 deny tcp host 172.16.0.12 host 172.20.0.5 eq www
    20 permit ip any any
Router01#

How to add a new Access Control List entry in an existing Named Extended Access Control List (ACL)

Now you can add a new entry to the Named Extended Access Control List above (ACL name BLOCK_WS03) to deny Workstation03 (IP address 172.16.0.12/16) from accessing the File Server (IP address 172.20.0.6/16) using FTP, as shown below. Because the list is evaluated top to bottom and the first match wins, the new entry is given sequence number 15 so that it is inserted between entries 10 and 20, ahead of the "permit ip any any" entry.

Router01>enable
Router01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router01(config)#ip access-list extended BLOCK_WS03
Router01(config-ext-nacl)#15 deny tcp host 172.16.0.12 host 172.20.0.6 eq ftp
Router01(config-ext-nacl)#exit
Router01(config)#exit
Router01#

View the altered Named Access Control List (ACL name BLOCK_WS03) by running the command below.

Router01>enable
Router01#show access-lists
Extended IP access list BLOCK_WS03
    10 deny tcp host 172.16.0.12 host 172.20.0.5 eq www
    15 deny tcp host 172.16.0.12 host 172.20.0.6 eq ftp
    20 permit ip any any
Router01#

How to delete an existing entry from a Named Extended Access Control List (ACL)

You can remove an individual entry from an existing ACL by using the keyword "no" followed by the sequence number of the line you wish to delete:

Router01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router01(config)#ip access-list extended BLOCK_WS03
Router01(config-ext-nacl)#no 20
Router01(config-ext-nacl)#exit
Router01#

How to re-adjust the Named Access Control List (ACL) sequence numbers

You can automatically renumber the sequence numbers of a changed Named Access Control List using the "resequence" keyword, as shown below (here the entries are renumbered starting at 10 in increments of 10).

Router01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router01(config)#ip access-list resequence BLOCK_WS03 10 10
Router01(config)#exit
Router01#
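As an added illustration (not from this page, Cisco's or HP's documentation), the following Python model ties together the editing rules described above and the BLOCK_WS03 walkthrough: an ACE entered with a sequence number lands at that position, "no <seq>" removes one entry, resequence renumbers, and lookups are first-match with the implicit deny, which only applies once the list holds at least one ACE. The names NamedAcl, parse_ace and the sample packets are assumptions; only "any" and "host" addresses are handled, not wildcard masks.

```python
# Constructed model of IOS named-ACL editing: sequence-number insertion, "no <seq>"
# deletion, resequence, and first-match evaluation with the implicit deny.
import ipaddress
NAMED_PORTS = {"www": 80, "ftp": 21}  # names IOS shows instead of port numbers

def _addr(tok, i):
    """Parse 'any' or 'host A.B.C.D' at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    raise ValueError("wildcard masks are not modelled here: " + tok[i])

def parse_ace(line):
    """'<seq> permit|deny <proto> <src> <dst> [eq <port>]' as printed by show ip access-lists."""
    tok = line.split()
    src, i = _addr(tok, 3)
    dst, i = _addr(tok, i)
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = NAMED_PORTS.get(tok[i + 1]) or int(tok[i + 1])
    return {"seq": int(tok[0]), "action": tok[1], "proto": tok[2],
            "src": src, "dst": dst, "dport": port}

class NamedAcl:
    def __init__(self, lines):
        self.aces = sorted((parse_ace(ln) for ln in lines), key=lambda a: a["seq"])

    def add(self, line):
        """An ACE entered with a sequence number lands at that position, not at the end."""
        self.aces = sorted(self.aces + [parse_ace(line)], key=lambda a: a["seq"])

    def remove(self, seq):
        """'no <seq>' deletes one ACE; the (possibly empty) ACL stays in memory."""
        self.aces = [a for a in self.aces if a["seq"] != seq]

    def resequence(self, start, step):
        """'ip access-list resequence <name> <start> <step>' renumbers in list order."""
        for n, a in enumerate(self.aces):
            a["seq"] = start + n * step

    def evaluate(self, proto, src, dst, dport=None):
        """First matching ACE wins; otherwise the implicit deny (seq None) applies."""
        if not self.aces:
            return "permit", None  # empty ACL filters nothing: no ACE, no implicit deny
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for a in self.aces:
            if (a["proto"] in ("ip", proto) and s in a["src"] and d in a["dst"]
                    and a["dport"] in (None, dport)):
                return a["action"], a["seq"]
        return "deny", None
```

Building the same list with the FTP deny appended as entry 30 instead of inserted as 15 shows why the sequence number matters: entry 20 ("permit ip any any") matches first and the FTP deny never fires.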