There is a way to reduce the overhead involved in modifying ACL by using the Cisco IOS feature of resequencing.

In the following example in a Cisco router there is an access-list name ITKE

ASW2-02#sho access-lists ITKE

Extended IP access list ITKE

1 permit ip host 192.168.1.1 host 10.1.0.1

2 permit ip host 192.168.1.2 host 10.1.0.2

ASW2-02#

From the example if we need to add one more deny statement for the host 192.168.1, it’s not possible to add a statement without deleting the current access list and create a new one. But the power of resequence allows you to assign a new set of sequence numbers to current access list as demonstrated below using the IOS command “ip access-list resequence”

ASW2-02#configure t

ASW2-02(config)#ip access-list resequence ITKE ?

<1-2147483647>  Starting Sequence Number

ASW2-02(config)#ip access-list resequence ITKE 10 10

This starts the first entry with a sequence number of 10 and increments all new lines by 10. The result is as shown below

ASW2-02#sho ip access-lists ITKE

Extended IP access list ITKE

10 permit ip host 192.168.1.1 host 10.1.0.1

20 permit ip host 192.168.1.2 host 10.1.0.2

ASW2-02#

By resequencing the ACL now it’s easy to inserts a new ACL with a sequence number of 15 which would fall between the existing entries in the ITKE access list.