
How to Edit an ACL


fenstrat

I have the following access lists. It's been a while for me and our network admin is gone. I need to edit this list to allow 172.25.104.* through the router.

#show access-lists
Standard IP access list 1
permit 172.25.10.13 (3886342 matches) check=21
permit 172.25.10.12 (6381588 matches) check=77331
permit 172.25.10.10 (109487023 matches) check=1533201
permit 172.25.100.1 (288790 matches) check=479072
Standard IP access list 2
permit 172.25.98.0, wildcard bits 0.0.0.255 (797748550 matches) check=73394588
permit 172.25.99.0, wildcard bits 0.0.0.255 (733942588 matches)
Extended IP access list 100
permit ip 172.25.98.0 0.0.0.255 any (1638264527 matches)
permit ip 172.25.99.0 0.0.0.255 any (1500265580 matches)
permit ip host 172.25.10.10 any (220266618 matches)
permit ip host 172.25.10.12 any (12923476 matches)
permit ip host 172.25.10.13 any (7846441 matches)
permit ip host 172.25.100.1 any (608207 matches)
charybdis#
 
Either "access-list 1 permit 172.25.104.0 0.0.0.255" (or same with access-list 2)

or "access-list 100 permit ip 172.25.104.0 0.0.0.255 any"

It depends on which access list is applied to the interface nearest 172.25.104.0.

 
Don't forget, if you edit this on the actual router, it will add the entry to the top of the access-list.

Before you remove the access list from the router MAKE SURE you remove the access group from the interfaces or you will have big problems.

Think about where you need to add the entry and then you will need to copy the access list into notepad (or other text editing application). Add the entry into the list. Remove the access group (pertaining to the access list) from the interface it is applied to. Then, remove the access-list. Copy the updated access list from notepad back to the telnet session window and apply.

You have now updated your access list. Remember to reapply the access group to the required interfaces.

 
"Don't forget, if you edit this on the actual router, it will add the entry to the top of the access-list."

It will add the entry to the bottom.

evilhomer#conf t
Enter configuration commands, one per line. End with CNTL/Z.
evilhomer(config)#access-list 101 permit ip any any
evilhomer(config)#^Z
evilhomer#sh access-list 101
Extended IP access list 101
10 permit ip any any
evilhomer#conf t
Enter configuration commands, one per line. End with CNTL/Z.
evilhomer(config)#access-list 101 deny ip any any log
evilhomer(config)#^Z
evilhomer#sh access-list 101
Extended IP access list 101
10 permit ip any any
20 deny ip any any log

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
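
Added example, not part of any post in this thread: a small Python evaluator for the source-based `ip ... any` entries quoted above, showing how wildcard bits, first-match ordering and the implicit deny decide whether 172.25.104.* gets through ACL 100 before and after the suggested entry is appended. The function names are hypothetical and the parser assumes only the entry shapes that appear in the thread.

```python
import ipaddress

# ACL 100 as listed in the thread's "show access-lists" output (counters dropped).
ACL_100 = [
    "permit ip 172.25.98.0 0.0.0.255 any",
    "permit ip 172.25.99.0 0.0.0.255 any",
    "permit ip host 172.25.10.10 any",
    "permit ip host 172.25.10.12 any",
    "permit ip host 172.25.10.13 any",
    "permit ip host 172.25.100.1 any",
]
# Entry suggested in the first reply.
NEW_ENTRY = "permit ip 172.25.104.0 0.0.0.255 any"
# ACL 101 as built in the last post's session.
ACL_101 = ["permit ip any any", "deny ip any any log"]


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_entry(line):
    """Return (action, base, wildcard) for 'ACTION ip SOURCE any [log]'."""
    tok = [t for t in line.split() if t != "log"]
    if len(tok) < 4 or tok[1] != "ip" or tok[-1] != "any":
        raise ValueError("unsupported entry: " + line)
    action, src = tok[0], tok[2:-1]
    if src == ["any"]:
        return action, 0, 0xFFFFFFFF
    if src[0] == "host":
        return action, to_int(src[1]), 0
    return action, to_int(src[0]), to_int(src[1])


def evaluate(acl, source_ip):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    addr = to_int(source_ip)
    for line in acl:
        action, base, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
        if (addr & care) == (base & care):
            return action, line
    return "deny", "implicit deny"


if __name__ == "__main__":
    host = "172.25.104.25"  # constructed sample address in the new subnet
    print(evaluate(ACL_100, host))                # before the edit
    print(evaluate(ACL_100 + [NEW_ENTRY], host))  # entry appended at the bottom
    print(evaluate(ACL_101, "10.1.2.3"))          # later deny is never reached
```

Because every existing line in ACL 100 is a permit, appending the new permit at the bottom is enough here; position would matter only if an earlier entry matched the same addresses with a different action, as the ACL 101 case shows.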
 