Wednesday, April 25, 2007

 

Modifying an ACL (Problem #77)

Consider the following ACL, as displayed by the show access-lists command:

R1#show access-lists
Extended IP access list 101
1 permit ip host 10.1.1.1 host 11.1.1.1
2 permit ip host 12.1.1.1 host 13.1.1.1
3 deny tcp host 14.1.1.1 host 15.1.1.1 eq www
4 permit ip host 14.1.1.1 host 15.1.1.1
5 deny tcp host 16.1.1.1 host 17.1.1.1 eq www
6 permit ip host 16.1.1.1 host 17.1.1.1
R1#

The configuration looks like this:

access-list 101 permit ip host 10.1.1.1 host 11.1.1.1
access-list 101 permit ip host 12.1.1.1 host 13.1.1.1
access-list 101 deny tcp host 14.1.1.1 host 15.1.1.1 eq www
access-list 101 permit ip host 14.1.1.1 host 15.1.1.1
access-list 101 deny tcp host 16.1.1.1 host 17.1.1.1 eq www
access-list 101 permit ip host 16.1.1.1 host 17.1.1.1

It turns out that a new ACL entry needs to be added. The entry is

access-list 101 deny tcp host 12.1.1.1 host 13.1.1.1 eq www

and needs to be added as the second entry in ACL 101 shown above.

What is the most efficient way of adding this entry to the ACL?
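
Why the position of the new entry matters, as an added example that is not part of the original post: a router checks ACL entries top-down and stops at the first match. The Python sketch below models ACL 101 with an assumed tuple format and hypothetical helper names, and compares placing the new entry last with placing it second.

```python
# Added illustration (not from the original post): first-match evaluation of
# ACL 101. The tuple rule model and all function names are assumptions.
WWW = 80  # "eq www" is TCP port 80

# (action, protocol, source host, destination host, destination port or None)
ACL_101 = [
    ("permit", "ip", "10.1.1.1", "11.1.1.1", None),
    ("permit", "ip", "12.1.1.1", "13.1.1.1", None),
    ("deny", "tcp", "14.1.1.1", "15.1.1.1", WWW),
    ("permit", "ip", "14.1.1.1", "15.1.1.1", None),
    ("deny", "tcp", "16.1.1.1", "17.1.1.1", WWW),
    ("permit", "ip", "16.1.1.1", "17.1.1.1", None),
]
NEW_ENTRY = ("deny", "tcp", "12.1.1.1", "13.1.1.1", WWW)

APPENDED = ACL_101 + [NEW_ENTRY]                      # new entry last
AS_SECOND = ACL_101[:1] + [NEW_ENTRY] + ACL_101[1:]   # new entry second

def matches(rule, pkt):
    _, proto, src, dst, port = rule
    return (proto in ("ip", pkt["proto"])  # "ip" matches any IP protocol
            and (src, dst) == (pkt["src"], pkt["dst"])
            and (port is None or port == pkt["dport"]))

def evaluate(acl, pkt):
    """Return (action, 1-based position) of the first entry that matches."""
    for pos, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return rule[0], pos
    return "deny", None  # implicit deny that ends every ACL

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    _, p1, s1, d1, port1 = earlier
    _, p2, s2, d2, port2 = later
    return (p1 in ("ip", p2) and (s1, d1) == (s2, d2)
            and (port1 is None or port1 == port2))

def shadowed(acl):
    """1-based positions of entries that an earlier entry makes unreachable."""
    return [i + 1 for i, r in enumerate(acl)
            if any(covers(e, r) for e in acl[:i])]

if __name__ == "__main__":
    web = {"proto": "tcp", "src": "12.1.1.1", "dst": "13.1.1.1", "dport": WWW}
    print("appended :", evaluate(APPENDED, web), "shadowed:", shadowed(APPENDED))
    print("as second:", evaluate(AS_SECOND, web), "shadowed:", shadowed(AS_SECOND))
```

Placed last, the new deny is never reached because the existing permit for 12.1.1.1 to 13.1.1.1 matches first; placed second, it blocks only the web traffic and the permit still passes everything else between the two hosts.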
