Using Sequence Numbers in Named ACLs


Router(config)#ip access-list extended serveraccess2

Creates an extended named ACL called serveraccess2

Router(config-ext-nacl)#10 permit tcp any host 131.108.101.99 eq smtp

Uses a sequence number of 10 for this line

Router(config-ext-nacl)#20 permit udp any host 131.108.101.99 eq domain

Sequence number of 20 will be applied after line 10

Router(config-ext-nacl)#30 deny ip any any log

Sequence number 30 will be applied after 20

Router(config-ext-nacl)#exit

 

Router(config)#int fa 0/0

 

Router(config-if)#ip access-group serveraccess2 out

Applies this ACL to the FastEthernet Interface 0/0 in an outbound direction

Router(config-if)#exit

 

Router(config)#ip access-list extended serveraccess2

 

Router(config-ext-nacl)#25 permit tcp any host 131.108.101.99 eq ftp

Sequence number of 25 places this line after line 20 and before line 30

Router(config-ext-nacl)#exit

 


Tip:

Sequence numbers are used to allow for easier editing of your ACL's. The preceding example used numbers 10, 20, and 30 in the ACL lines. If I needed to add another line to this ACL, it would have previously been added after the last linemy line 30. If I needed a line to go closer to the top, I would have had to remove the entire ACL and then reapply it with the lines in the correct order. Now I can enter in a new line with a sequence number, placing it in the correct location.


Note:

The sequence-number argument was added in IOS version 12.2(14)S. It was integrated into Cisco IOS Software Release 12.2(15)T.





CCNA Self-Study(c) CCNA Portable Command Guide
CCNA Portable Command Guide
ISBN: 1587201585
EAN: 2147483647
Year: 2006
Pages: 261
Authors: Scott Empson

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net