Network technologies and trends

Apr 30 2011   6:45AM GMT

Resequence the access-list!

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

When it comes to modifying Access lists in Cisco IOS devices most of us remove the ACL’s from the Cisco Router and then edit the entries in a note, and then paste back the modified ACL to the respective router via CLI.

There is a way to reduce the overhead involved in modifying ACL by using the Cisco IOS feature of resequencing.

In the following example in a Cisco router there is an access-list name ITKE

ASW2-02#sho access-lists ITKE

Extended IP access list ITKE

1 permit ip host host

2 permit ip host host


From the example if we need to add one more deny statement for the host 192.168.1, it’s not possible to add a statement without deleting the current access list and create a new one. But the power of resequence allows you to assign a new set of sequence numbers to current access list as demonstrated below using the IOS command “ip access-list resequence”

ASW2-02#configure t

ASW2-02(config)#ip access-list resequence ITKE ?

<1-2147483647>  Starting Sequence Number

ASW2-02(config)#ip access-list resequence ITKE 10 10

This starts the first entry with a sequence number of 10 and increments all new lines by 10. The result is as shown below

ASW2-02#sho ip access-lists ITKE

Extended IP access list ITKE

10 permit ip host host

20 permit ip host host


By resequencing the ACL now it’s easy to inserts a new ACL with a sequence number of 15 which would fall between the existing entries in the ITKE access list.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: