Editing Cisco Access Lists

Note: This is an old post recovered from a previous blog

Introduction

Once upon a time, Cisco access lists were very clunky and crude. They were a pig to manipulate and something to be avoided. Things have improved over the years, and they are not as bad as they once were. For example, there was a time when, to alter an already applied access list, you had to remove it and then re-add the entire list, lock, stock and barrel. Niceties like adding or deleting individual access list entries without removing and re-adding the entire list were not possible. This guide will show you how to amend a Cisco IOS access list.

List your access list

To edit an existing access list it is useful to know the access list entry numbers. To get them, you simply need to show the access list*. From the command prompt, type:


show access-list

*This assumes an access list is already set up. In this example there is one, and it is an extended list with an identifier of 101.

This will return something like this:

Extended IP access list 101
10 permit ip any host 10.4.21.6
20 permit ip any host 10.9.0.5
30 permit ip any host 10.4.127.25
40 permit icmp any host 10.9.127.25
50 permit icmp any host 10.45.21.6

Now suppose you want to delete the entry “20 permit ip any host 10.9.0.5”. First, enter enable mode:

enable

Then enter configuration mode


conf term

Then enter access list configuration mode

ip access-list extended 101

and type a command to negate entry 20

no 20 permit ip any host 10.9.0.5

Now when you view the list again, that entry should have disappeared.
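The procedure above as an added example, not part of the original post: a small Python helper that parses the "show access-list" output and builds the removal commands only if the sequence number still points at the rule you meant to delete. The function names are hypothetical, and the optional "(N matches)" hit-counter suffix and the closing "end" command are handled as assumptions beyond what the post shows.

```python
import re

# Listing copied from the post's "show access-list" output.
SHOW_OUTPUT = """\
Extended IP access list 101
10 permit ip any host 10.4.21.6
20 permit ip any host 10.9.0.5
30 permit ip any host 10.4.127.25
40 permit icmp any host 10.9.127.25
50 permit icmp any host 10.45.21.6
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
# Sequence number, then the rule, then an optional hit counter that is dropped.
ENTRY = re.compile(r"^\s*(\d+) ((?:permit|deny) .*?)(?: \(\d+ match(?:es)?\))?\s*$")


def parse_acls(text):
    """Return {acl_name: {"type": "extended", "entries": {seq: rule}}}."""
    acls, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"type": header.group(1).lower(), "entries": {}}
            acls[header.group(2)] = current
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current["entries"][int(entry.group(1))] = entry.group(2)
    return acls


def removal_commands(text, acl, seq, expected_rule):
    """Build the config lines that delete one entry, refusing if the
    sequence number no longer refers to the rule the operator expects."""
    parsed = parse_acls(text)
    if acl not in parsed:
        raise KeyError(f"access list {acl} not found")
    entries = parsed[acl]["entries"]
    if entries.get(seq) != expected_rule:
        raise ValueError(f"entry {seq} is {entries.get(seq)!r}, not {expected_rule!r}")
    return [
        "configure terminal",
        f"ip access-list {parsed[acl]['type']} {acl}",
        f"no {seq} {expected_rule}",
        "end",  # leave configuration mode (added step, not in the post)
    ]
```

Calling removal_commands(SHOW_OUTPUT, "101", 20, "permit ip any host 10.9.0.5") returns the same commands the post types by hand, after enable mode has been entered.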
