Inserting or adding an ACE to an ACL

These rules apply to all IPv4 ACEs you create or edit using the CLI:
  • Named IPv4 ACLs:
    Add an ACE to the end of a named ACL by using the ip access-list command to enter the Named ACL (nacl) context and entering the ACE without a sequence number. For example, to add a "permit" ACE at the end of a list named "List-1" to allow traffic from the device at 10.10.10.100:
    switch(config)# ip access-list standard List-1
    switch(config-std-nacl)# permit host 10.10.10.100
    Insert an ACE anywhere in a named ACL by specifying a sequence number. For example, to insert a new ACE as line 15 between lines 10 and 20 in an existing ACL named "List-2" to deny IPv4 traffic from the device at 10.10.10.77:
    switch(config)# ip access-list standard List-2
    switch(config-std-nacl)# 15 deny host 10.10.10.77
  • Numbered IPv4 ACLs:
    Add an ACE to the end of a numbered ACL by using the access-list <1-99|100-199> command. For example, to add a "permit" ACE at the end of a list identified with the number "11" to allow IPv4 traffic from the device at 10.10.10.100:
    switch(config)# access-list 11 permit host 10.10.10.100
    To insert an ACE anywhere in a numbered ACL, use the same process as described above for inserting an ACE anywhere in a named ACL. For example, to insert an ACE denying IPv4 traffic from the host at 10.10.10.77 as line 52 in an existing ACL identified (named) with the number 11:
    switch(config)# ip access-list standard 11
    switch(config-std-nacl)# 52 deny host 10.10.10.77
    NOTE: After a numbered ACL has been created (using access-list <1-99|100-199>), it can be managed as either a named or numbered ACL.

  • Deleting an ACE: Enter the ACL context and delete the sequence number for the unwanted ACE. (To view the sequence numbers of the ACEs in a list, use show access-list <acl-name-str> config.)

  • Duplicate ACEs are not allowed in the same ACL. Attempting to enter a duplicate ACE displays the Duplicate access control entry message.
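
Why the insert position matters, as an added example that is not from the original documentation: a small Python model of the rules above (append without a sequence number, insert with one, delete by sequence number, duplicate rejection). It assumes ACEs are tested in sequence-number order with the first match deciding and an implicit deny at the end, a numbering step of 10, and constructed list contents; the class and function names are hypothetical.

```python
import ipaddress

class DuplicateACE(Exception):
    """Stands in for the switch's 'Duplicate access control entry' message."""

class StandardACL:
    STEP = 10  # assumption: default numbering interval, as in "lines 10 and 20"

    def __init__(self, name):
        self.name = name
        self.aces = {}  # sequence number -> (action, source network)

    def add(self, action, source, seq=None):
        ace = (action, ipaddress.ip_network(source))
        if ace in self.aces.values():
            raise DuplicateACE(f"{action} {source}")
        if seq is None:  # no sequence number given: append after the last ACE
            seq = max(self.aces, default=0) + self.STEP
        if seq in self.aces:  # assumption: the model refuses to reuse a number
            raise ValueError(f"sequence {seq} already in use")
        self.aces[seq] = ace
        return seq

    def delete(self, seq):
        del self.aces[seq]

    def evaluate(self, src_ip):
        addr = ipaddress.ip_address(src_ip)
        for seq in sorted(self.aces):  # lowest sequence number is tested first
            action, net = self.aces[seq]
            if addr in net:
                return action, seq
        return "deny", None  # implicit deny when no ACE matches

def demo():
    acl = StandardACL("List-2")  # constructed contents, not from the page
    acl.add("permit", "10.10.10.100/32")            # becomes line 10
    acl.add("permit", "10.10.10.0/24")              # becomes line 20
    tail = acl.add("deny", "10.10.10.77/32")        # appended as line 30
    appended = acl.evaluate("10.10.10.77")          # line 20 matches first
    try:
        acl.add("deny", "10.10.10.77/32", seq=15)   # same ACE is still at 30
        duplicate_rejected = False
    except DuplicateACE:
        duplicate_rejected = True
    acl.delete(tail)                                # remove line 30, then insert
    acl.add("deny", "10.10.10.77/32", seq=15)
    inserted = acl.evaluate("10.10.10.77")          # line 15 now matches first
    return appended, duplicate_rejected, inserted
```

In this model the deny appended at line 30 never takes effect because the broader permit at line 20 matches first; the same ACE inserted as line 15 does.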