Editing Numbered ACLs

Method 1: Using a Text Editor

Step 1. Display the ACL using the show running-config command. The example in the figure uses the include keyword to display only the ACEs.

Step 2. Highlight the ACL, copy it, and then paste it into Microsoft Notepad. Edit the list as required. After the ACL is correctly displayed in Microsoft Notepad, highlight it and copy it.

Step 3. In global configuration mode, remove the access list using the no access-list 1 command. Otherwise, the new statements would be appended to the existing ACL. Then paste the new ACL into the configuration of the router.

Step 4. Using the show running-config command, verify the changes.

Note that different IOS software releases behave differently when the no access-list command is used. If the deleted ACL is still applied to an interface, some IOS versions act as if no ACL is protecting your network, while others deny all traffic.

Method 2: Using the Sequence Number

Step 1. Display the current ACL using the show access-lists number command.

Step 2. Enter the ip access-list standard number command, which is the command used to configure named ACLs.

Note: Statements cannot be overwritten using the same sequence number as an existing statement. The current statement must be deleted first, and then the new one can be added.

Step 3. Verify the changes using the show access-lists command.

As discussed previously, Cisco IOS applies internal logic to standard access lists. The order in which standard ACEs are entered may not be the order in which they are stored, displayed or processed by the router. The show access-lists command displays the ACEs with their sequence numbers.
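
Method 2 carried through as a console session. This is an added example, not taken from the original page; the hostname r1 follows the prompt used later on this page, and the ACL contents and 192.0.2.0/24 addresses are constructed for illustration.

```cisco
! Constructed example: the ACL entries and addresses are assumptions.
! Step 1: display the current ACL. Entry 10 denies the wrong host
! (.99 where .10 was intended).
r1# show access-lists 1
Standard IP access list 1
    10 deny   192.0.2.99
    20 permit 192.0.2.0, wildcard bits 0.0.0.255

! Step 2: enter the named-ACL configuration mode for ACL 1.
! An existing sequence number cannot be overwritten, so delete
! entry 10 first, then add the corrected statement as entry 10.
r1# configure terminal
r1(config)# ip access-list standard 1
r1(config-std-nacl)# no 10
r1(config-std-nacl)# 10 deny host 192.0.2.10
r1(config-std-nacl)# end

! Step 3: verify that entry 10 now matches the intended host
! and that entry 20 is unchanged.
r1# show access-lists 1
Standard IP access list 1
    10 deny   192.0.2.10
    20 permit 192.0.2.0, wildcard bits 0.0.0.255
```

Because only entry 10 is removed and replaced, the ACL stays in place on any interface it is applied to, unlike the delete-and-paste approach of Method 1.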

Editing Named ACLs

Similar to numbered ACLs, as shown below:

[Figure: named ACL]

Verify the ACL

  • The show ip interface command is used to verify the ACL on the interface.
  • The show access-lists list-number|list-name command displays an individual access list; use show access-lists on its own to see all the list entries and statistics about each entry.

Statistics:

Verify by show access-lists and

Clear the statistics with r1# clear access-list counters [number|name]

This command can be used alone or with the number or name of a specific ACL.
