access-list (extended)

insert | replace entryno

(Optional) Inserts this new entry before a specified entry in an existing ACL, or replaces a specified entry with this new entry.

move destination source1 source2

(Optional) Moves a sequence of access list entries before another entry. Destination is the number of the existing entry before which this new entry will be moved. Source1 is a single entry number or the first entry number in the range to be moved. Source2 (optional) is the last entry number in the range to be moved. If source2 is not specified, only the source1 entry will be moved.

Defaults

If insert, replace or move are not specified, the new entry will be appended to the access list.

If source2 is not specified with move, only one entry will be moved.

Mode

Global configuration: C3(su)->router(Config)#

Usage

Valid access list numbers for standard ACLs are 1 to 99. For extended ACLs, valid values are 100 to 199.

Access lists are applied to interfaces by using the ip access-group command (page 26-86).

All access lists have an implicit “deny any any” statement as their last entry.

Examples

This example shows how to create access list 1 with three entries that allow access to only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the access list entries will be rejected:

C3(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255

C3(su)->router(Config)#access-list 1 permit 128.88.0.0 0.0.255.255

C3(su)->router(Config)#access-list 1 permit 36.0.0.0 0.255.255.255

This example moves entry 16 to the beginning of ACL 22:

C3(su)->router(Config)#access-list 22 move 1 16
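The effect of wildcard bits, entry order and the implicit deny can be checked offline before an ACL is applied. The following is an added example, not code from the Enterasys manual: it assumes first-match evaluation and the standard entry form access-list N {permit|deny} source [source-wildcard] seen in the examples above, its move helper models the semantics described in the parameter table rather than verified device behavior, and the ACL 22 entries are constructed.

```python
import ipaddress

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(line):
    """Parse 'access-list N {permit|deny} source [source-wildcard]' (assumed form)."""
    tok = line.split()
    if len(tok) not in (4, 5) or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    wildcard = ip(tok[4]) if len(tok) == 5 else 0  # no wildcard: exact host match
    return tok[2], ip(tok[3]), wildcard

def evaluate(entries, source):
    """Return (action, entry number); first match wins, no match is the implicit deny."""
    addr = ip(source)
    for number, (action, net, wildcard) in enumerate(entries, start=1):
        care = 0xFFFFFFFF ^ wildcard  # wildcard bits set to 1 are ignored
        if (addr & care) == (net & care):
            return action, number
    return "deny", None

def move(entries, destination, source1, source2=None):
    """Model 'move destination source1 [source2]': place the range before destination."""
    source2 = source1 if source2 is None else source2
    if not (1 <= source1 <= source2 <= len(entries)) or not (1 <= destination <= len(entries)):
        raise ValueError("entry number out of range")
    if source1 <= destination <= source2:
        raise ValueError("destination lies inside the range being moved")
    block = entries[source1 - 1:source2]
    rest = entries[:source1 - 1] + entries[source2:]
    pos = destination - 1 if destination < source1 else destination - 1 - len(block)
    return rest[:pos] + block + rest[pos:]

# ACL 1 exactly as in the example above.
ACL_1 = [parse_entry(l) for l in (
    "access-list 1 permit 192.5.34.0 0.0.0.255",
    "access-list 1 permit 128.88.0.0 0.0.255.255",
    "access-list 1 permit 36.0.0.0 0.255.255.255",
)]

# Constructed ACL: the narrow deny sits after a broader permit and never matches.
SHADOWED = [parse_entry(l) for l in (
    "access-list 22 permit 36.0.0.0 0.255.255.255",
    "access-list 22 deny 36.1.2.0 0.0.0.255",
)]

if __name__ == "__main__":
    for host in ("192.5.34.77", "128.88.200.1", "10.0.0.1"):
        print(host, evaluate(ACL_1, host))
    print("before move:", evaluate(SHADOWED, "36.1.2.3"))
    print("after move: ", evaluate(move(SHADOWED, 1, 2), "36.1.2.3"))
```

In the constructed ACL the deny entry only takes effect after it is moved ahead of the broader permit, which is the situation the move and insert keywords exist to correct.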

access-list (extended)

Use this command to define an extended IP access list by number when operating in router mode. The no form of this command removes the defined access list or entry.

Syntax

To create an extended ACL entry:

access-list access-list-number {deny | permit} protocol source [source-wildcard] [eq port] destination [destination-wildcard] [eq port]

no access-list access-list-number [entryno [entryno]]

To insert or replace an ACL entry:

access-list access-list-number insert | replace entryno {deny | permit} protocol source [source-wildcard] [eq port] destination [destination-wildcard] [eq port]

26-84 Authentication and Authorization Configuration

Enterasys Networks 9034313-07