The (config)#ip access-list ... command uses sequence numbers. Each line in a named ACL has a sequence number, which can be used to squeeze additional lines in between existing lines or to easily remove individual lines without deleting the whole ACL.
Let's say we have created the following:
(config)#ip access-list extended DEMO
(config-ext-nacl)#deny tcp host 1.1.1.1 host 3.3.3.3 eq 443
(config-ext-nacl)#permit ip any any
The system automatically assigns sequence number 10 to the first line and 20 to the second (by default, sequence numbers are incremented in steps of 10).
Let's say we are now asked to squeeze in a line stating that host 1.1.1.2 should not access the telnet service on 3.3.3.3: this new line should go between the existing lines of the DEMO ACL. The following would be typed to add the new line:
(config)#ip access-list extended DEMO
(config-ext-nacl)#15 deny tcp host 1.1.1.2 host 3.3.3.3 eq 23
Note that 15 here is a sequence number. Since 15 falls between 10 and 20, the new line is placed between the existing two entries, and because an ACL is evaluated top to bottom with first match winning, the new deny is checked before the "permit ip any any" at line 20.
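To make the ordering and first-match behaviour concrete, here is an added example (not from the original post, and not Cisco code) that models a named extended ACL in Python: entries are auto-numbered in steps of 10, an explicit sequence number inserts between existing ones, and lookup walks the entries in sequence order with the implicit deny at the end. The class and method names (Ace, NamedAcl, add, remove, lookup) are assumptions chosen for the example.

```python
# Added example (not from the original post): a small Python model of a Cisco
# IOS named extended ACL, showing why "15 deny ..." lands between 10 and 20.
from dataclasses import dataclass, field

@dataclass
class Ace:
    seq: int
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches any protocol; otherwise "tcp"/"udp"
    src: str               # host address or "any"
    dst: str
    dport: "int | None" = None   # destination "eq <port>", if given

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and self.src in ("any", src)
                and self.dst in ("any", dst)
                and self.dport in (None, dport))

@dataclass
class NamedAcl:
    name: str
    aces: dict = field(default_factory=dict)   # seq -> Ace

    def add(self, action, proto, src, dst, dport=None, seq=None):
        """Append (auto-numbered in steps of 10) or insert at an explicit sequence number."""
        if seq is None:
            seq = max(self.aces) + 10 if self.aces else 10
        if seq in self.aces:
            raise ValueError(f"sequence number {seq} already in use")
        self.aces[seq] = Ace(seq, action, proto, src, dst, dport)
        return seq

    def remove(self, seq):
        """'no <seq>' deletes a single entry; the rest of the ACL is untouched."""
        del self.aces[seq]

    def ordered(self):
        """Entries in the order the router evaluates them."""
        return [self.aces[s] for s in sorted(self.aces)]

    def lookup(self, proto, src, dst, dport=None):
        """First-match evaluation with the implicit deny at the end, as on IOS."""
        for ace in self.ordered():
            if ace.matches(proto, src, dst, dport):
                return ace.action, ace.seq
        return "deny", None

# Constructed walk-through of the DEMO ACL from the post
demo = NamedAcl("DEMO")
demo.add("deny", "tcp", "1.1.1.1", "3.3.3.3", 443)       # becomes 10
demo.add("permit", "ip", "any", "any")                    # becomes 20
demo.add("deny", "tcp", "1.1.1.2", "3.3.3.3", 23, seq=15) # squeezed in between
```

Calling demo.lookup("tcp", "1.1.1.2", "3.3.3.3", 23) returns ("deny", 15), whereas the same host on port 443 falls through to ("permit", 20).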
------------------------------------------------------------------------------------------------------
I will be honored to read your comment about this post. Please feel free to leave one ☺ And if you have a Cisco IOS, Firewall ASA or Microsoft server infrastructure topic you would like me to add to this blog, I will be more than happy to know which one ☺
-------------------------------------------------------------------------------------------------------