Wednesday, March 18, 2015

Cisco Named Access Control List (ACL) Editing and Resequence - Adding or Deleting Individual Lines


This article demonstrates how to insert a line into an existing access control list (ACL), either at the top of the list or between existing lines. It also shows how to renumber the ACL to leave more room for adding lines between the existing ones.
A numbered (standard or extended) ACL is not editable: you can't remove specific lines from it, and you can't insert lines at the top of the list or between existing lines. A named (standard or extended) ACL, by contrast, lets you insert lines between the lines of an existing ACL and delete individual lines from it.

Create Named Standard ACL
To create a named standard access control list, identify the ACL by a name rather than a number. The following ACL permits networks 2, 3, and 4 and denies all other networks.

Create named standard and show access control list

Add a line in between the lines of the ACL
After that, suppose you want to deny the host 192.168.2.10 with the command deny host 192.168.2.10. You can't add it at the bottom of the ACL, because the host would not be denied: the ACL finds a match in its first line, which permits this host.
So you have to insert the command before the first line, which means the sequence number of the inserted line must be lower than 10 (the number of the first line).

Insert a line in between the lines of the access control list
In this way you can insert lines in between the existing lines of the ACL.

Delete individual lines
To delete individual lines from the ACL, for example line number 20, issue the command no 20, as shown in the image below.

delete access control list lines

ACL Resequence
By default, an ACL starts at sequence number 10 and the increment is 10, meaning the difference between successive lines is 10. So by default you can add 9 lines between two successive lines. For more flexibility, you can increase the increment. For example, you may want your ACL to start at 10 with an increment of 20.

renumber named access control list
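
The whole procedure above as one IOS configuration session, added here as an example and not taken from the original post or its screenshots. The ACL name EXAMPLE-ACL and the 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24 networks are assumptions; only the host 192.168.2.10 and the sequence numbers come from the article.

```cisco
! Added example. EXAMPLE-ACL and the three /24 networks are assumed values.
configure terminal
!
! 1. Create the named standard ACL. Entries are numbered 10, 20, 30.
!    Everything not permitted here is dropped by the implicit deny at the end.
ip access-list standard EXAMPLE-ACL
 permit 192.168.2.0 0.0.0.255
 permit 192.168.3.0 0.0.0.255
 permit 192.168.4.0 0.0.0.255
 exit
!
! 2. Insert the host deny ahead of entry 10. The ACL stops at the first match,
!    so a deny placed after "permit 192.168.2.0 0.0.0.255" would never be
!    reached for 192.168.2.10.
ip access-list standard EXAMPLE-ACL
 5 deny host 192.168.2.10
 exit
!
! 3. Delete a single entry by its sequence number (here entry 20).
ip access-list standard EXAMPLE-ACL
 no 20
 exit
!
! 4. Renumber the ACL: first entry 10, increment 20.
!    The remaining entries 5, 10, 30 become 10, 30, 50.
ip access-list resequence EXAMPLE-ACL 10 20
end
!
! Check the entry order and sequence numbers.
show access-lists EXAMPLE-ACL
```

Running show access-lists after each step confirms that the deny entry sits above the permit it is meant to override.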


For more details and explanation, watch this video on YouTube: Editing Named ACL + ACL Resequence
http://youtu.be/RToV6h2rGeM