Adding to an ACL

[WanderingSailor]

Can I add statements to an existing ACL without wiping out the whole ACL? I thought if you attempted to add a line while in privileged mode, you would effectively overwrite the current ACL. Is that true, and if so, how can you add a line?

Thanks.

 

[jimmyzz]

Mickhammer,
The statement is true for removing a line from an access-list. Basically if you enter "no access-list 100 xxxxx" then it removes the whole list.

However, you should be able to add to an existing access-list without any problems. The new line will be appended to the end of the access-list. The exception is if the list is configured with an implict "deny any any" at the end of the list. If this is the case, then you have to recreate the list.

JimmyZ

 

[eurobadger]

Hi

The easiest way is probaby to list the ACL by doing a sh run. Copy the ACL portion of it into notepad. Edit the ACL in notepad.

Then do your no access-list.......... Then just paste the modified ACL back into the config. Test the amended config & assuming it works, save it as the startup-config. If it doesn't you still have your original config on the router.

EB

 

[deadcat1]

Hi,

The best way in my opinion would be to use a named access list, with those you can delete any line in the list without having to delete the entire list.

(config)#ip access-list extended My_Access_List
(config-ext-nacl)#permit ip any any

Note that the case in the name of the access list is important when applying it or editing it.

-sc