Dynamically Editing Cisco ACLs

This has been around a while, but I only ever found out about it a few months ago. There aren’t a ton of obvious articles about it on the Internet so I’m writing this mostly to have something for my own personal reference.

In short, run “show access-list XXX” (where XXX is the name of the ACL) to print the access list you want to edit, together with its current sequence numbers.

Next, go into config mode and enter the ACL:

ip access-list extended XXX

(“ext” is accepted as an abbreviation of “extended”; the same procedure works for a standard named ACL with “ip access-list standard”.)

You now get a new prompt in config mode (config-ext-nacl). From here, type the sequence number you want to assign to the new entry, followed by the entry itself. A sequence number is basically a line number: the router evaluates the entries in ascending sequence order and stops at the first match, so the number tells it where in the list the new entry goes, and therefore which traffic the new entry catches before the later entries ever see it. Remember the first step where we showed the access list? The numbers to the left of each entry are the current sequence numbers. So if you want to add a new entry between 20 and 30 you would enter the following:

25 permit tcp any any eq telnet

(The protocol has to be tcp or udp when you match a port with eq; “permit ip any any eq telnet” is rejected by the parser because IP itself has no ports. A blanket permit for telnet from anywhere is only there to show the syntax; in a real ACL scope the source and destination.)

Type exit twice (or press Ctrl-Z) to get back to privileged EXEC mode and run “show access-list XXX”; you should now see sequence number 25 in the active ACL. If the ACL is applied to an interface or a vty line the new entry is in effect the moment you press Enter, so check the list before you move on. Entering an entry without a sequence number appends it at the end, ten above the last existing number.

To delete an entry from an ACL, you basically do the same thing as above. Once you get to the (config-ext-nacl) prompt, just type “no N” where N is the sequence number of the entry you want to delete (typing “no” followed by the full text of the entry works as well). So to delete the sequence number 25 that we added above, we would type in:

no 25

That’s about it. Two things worth knowing: if there is no free number between two neighbouring entries (say 20 and 21), renumber the list first from global config mode with “ip access-list resequence XXX 10 10” (start at 10, step 10) and then insert; and sequence numbers are not written to the startup configuration, so after a reload they are regenerated from 10 in steps of 10 and any gaps you relied on are gone. If the sequence-number prompt does not work for you at all, make sure you’re running a release of IOS that includes the IP Access List Entry Sequence Numbering feature (12.2(14)S, 12.2(15)T and 12.3 onward).
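As an added example (not part of the original post), here is a small Python helper that turns the whole procedure above into something you can script: it parses a constructed “show access-list” output, picks a free sequence number after a given entry, refuses an entry that uses a port operator with a protocol other than tcp/udp, falls back to “ip access-list resequence” when the neighbouring entries are adjacent, and emits the exact CLI lines to insert or delete the entry. The ACL name EDGE-IN, the 192.0.2.10 host and the sample output are constructed for illustration, not taken from any real device.

```python
"""Build the IOS commands that insert or delete one entry of a named extended
ACL by sequence number, starting from the output of "show access-list".
Added example: ACL name, addresses and sample output are constructed."""
import re

# Constructed "show access-list EDGE-IN" output (not captured from a device).
SAMPLE_SHOW = """\
Extended IP access list EDGE-IN
    10 permit tcp any host 192.0.2.10 eq 22
    20 permit tcp any host 192.0.2.10 eq www
    30 deny ip any any log (1427 matches)
"""

# One entry as IOS prints it: "<seq> permit|deny <rest> [(N matches)]".
ENTRY_RE = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\(\d+ match(?:es)?\))?\s*$")

PORT_OPERATORS = {"eq", "neq", "gt", "lt", "range"}


def parse_entries(show_output):
    """Return [(seq, ace_text), ...] in the order the router evaluates them."""
    entries = []
    for line in show_output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((int(m.group(1)), f"{m.group(2)} {m.group(3)}"))
    return sorted(entries)


def validate_ace(ace):
    """Reject an entry that matches a port with a protocol that has none,
    e.g. 'permit ip any any eq telnet' (IOS rejects it; it needs tcp or udp)."""
    words = ace.split()
    if len(words) < 2 or words[0] not in ("permit", "deny"):
        raise ValueError(f"entry must start with permit/deny: {ace!r}")
    proto = words[1]
    if any(w in PORT_OPERATORS for w in words[2:]) and proto not in ("tcp", "udp"):
        raise ValueError(f"port operator needs tcp or udp, got {proto!r}: {ace!r}")
    return ace


def pick_sequence(entries, after_seq):
    """Choose a sequence number that lands right after `after_seq`.
    Returns None when the next entry is adjacent and there is no room."""
    seqs = [s for s, _ in entries]
    if after_seq not in seqs:
        raise ValueError(f"no entry with sequence {after_seq}")
    i = seqs.index(after_seq)
    if i + 1 == len(seqs):
        return after_seq + 10                    # appending after the last entry
    nxt = seqs[i + 1]
    if nxt - after_seq < 2:
        return None                              # e.g. 20 and 21: no gap left
    return after_seq + (nxt - after_seq) // 2    # midpoint, e.g. 25 between 20 and 30


def insert_commands(acl, entries, after_seq, ace, step=10):
    """CLI lines that add `ace` directly after sequence `after_seq`.
    With no gap, the list is resequenced first (global config command) and
    the new number is computed from the renumbered list."""
    validate_ace(ace)
    cmds = ["configure terminal"]
    seq = pick_sequence(entries, after_seq)
    if seq is None:
        cmds.append(f"ip access-list resequence {acl} {step} {step}")
        position = [s for s, _ in entries].index(after_seq) + 1   # 1-based slot
        seq = position * step + step // 2        # halfway to the next renumbered entry
    cmds += [f"ip access-list extended {acl}", f"{seq} {ace}", "end",
             f"show access-list {acl}"]          # verify while still on the box
    return cmds


def delete_commands(acl, seq):
    """CLI lines that remove the entry with sequence number `seq`."""
    return ["configure terminal", f"ip access-list extended {acl}",
            f"no {seq}", "end", f"show access-list {acl}"]


if __name__ == "__main__":
    current = parse_entries(SAMPLE_SHOW)
    print("\n".join(insert_commands("EDGE-IN", current, 20,
                                    "permit tcp any host 192.0.2.10 eq telnet")))
    print("\n".join(delete_commands("EDGE-IN", 25)))
```

The generated lines are meant to be pasted into (or pushed by a config tool to) the device exactly as the post describes; the trailing “show access-list” is there because the change is live as soon as it is entered.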

1 comment

Jack Robinson on 2008/04/29 at 09:51

Thank you for this cool one. I have been thinking of this kind of shortcut to edit my ACL. It is quite handy.
