Cisco Cisco IOS Software Release 12.2(1)T
IP Access List Entry Sequence Numbering
How to Use Sequence Numbers in an IP Access List
7
Cisco IOS Release 12.2(14)S, 12.2(15)T, and 12.3(2)T
Step 5
sequence-number permit source source-wildcard
or
sequence-number permit protocol source
source-wildcard destination
destination-wildcard [precedence precedence]
[tos tos] [log] [time-range time-range-name]
[fragments]
Example:
Router(config-std-nacl)# 105 permit 10.5.5.5
0.0.0 255
Specifies a permit statement in named IP access list mode.
•
This access list happens to use a permit statement first,
but a deny statement could appear first, depending on
the order of statements you need.
but a deny statement could appear first, depending on
the order of statements you need.
•
See the
command for additional command
syntax to permit upper layer protocols (ICMP, IGMP,
TCP, and UDP).
TCP, and UDP).
•
Use the no sequence-number command to delete an
entry.
entry.
•
As the prompt indicates, this access list was a standard
access list. If you had specified extended in Step 4, the
prompt for this step would be
access list. If you had specified extended in Step 4, the
prompt for this step would be
Router(config-ext-nacl)
and you would use the
extended permit command syntax.
Step 6
sequence-number deny source source-wildcard
or
sequence-number deny protocol source
source-wildcard destination
destination-wildcard [precedence precedence]
[tos tos] [log] [time-range time-range-name]
[fragments]
Example:
Router(config-std-nacl)# 105 deny 10.6.6.7
0.0.0 255
(Optional) Specifies a deny statement in named IP access
list mode.
list mode.
•
This access list happens to use a permit statement first,
but a deny statement could appear first, depending on
the order of statements you need.
but a deny statement could appear first, depending on
the order of statements you need.
•
See the
command for additional command
syntax to permit upper layer protocols (ICMP, IGMP,
TCP, and UDP).
TCP, and UDP).
•
Use the no sequence-number command to delete an
entry.
entry.
•
As the prompt indicates, this access list was a standard
access list. If you had specified extended in Step 4, the
prompt for this step would be
access list. If you had specified extended in Step 4, the
prompt for this step would be
Router(config-ext-nacl)
and you would use the
extended deny command syntax.
Step 7
Repeat Step 5 and/or Step 6 as necessary, adding
statements by sequence number where you planned.
Use the no sequence-number command to delete an
entry.
statements by sequence number where you planned.
Use the no sequence-number command to delete an
entry.
Allows you to revise the access list.
Command or Action
Purpose