Inserting an ACE in an existing ACL

This action uses a sequence number to specify where to insert a new ACE into an existing sequence of ACLs.

Syntax


ip access-list {<standard | extended>} {<name-str | 1 - 99 | 100 - 199>}

<1-2147483647> {permit | deny} <standard-acl-ip-criteria> [log]

<1-2147483647> {permit | deny} <extented-acl-ip-criteria> [option]

The first command enters the "Named-ACL" context for the specified ACL. The remaining two commands insert a new ACE in a standard or extended ACL, respectively.

Entering an ACE that would result in an out-of-range sequence number is not allowed. Use the resequence command to free up ACE numbering availability in the ACL. See Resequencing the ACEs in an ACL.

To insert a new ACE between existing ACEs in a list:

Procedure
  1. Use ip access-list to enter the "Named-ACL" (nacl) context of the ACE. This applies regardless of whether the ACE was originally created as a numbered ACL or a named ACL.
  2. Begin the ACE command with a sequence number that identifies the position you want the ACE to occupy. (The sequence number range is 1-2147483647).
  3. Complete the ACE with the command syntax appropriate for thetype of ACL you are editing.

For example, inserting a new ACE between the ACEs numbered 10 and 20 requires a sequence number in the range of 11-19 for the new ACE.

Inserting an ACE in an existing ACL

In the following example, the first two ACEs entered become lines 10 and 20 in the list. The third ACE entered is configured with a sequence number of 15 and is inserted between lines 10 and 20.

Inserting an ACE into an existing sequence