Editing Cisco Access Control Lists (ACLs)
By Joshua Erdman
Before you read this article, be sure you are familiar with the terms and ideas in Recall on ACL basics. It covers how ACLs are built and when to use a standard ACL vs. an extended one.
Reusing our example:
We will apply our ACLs to the serial (T1) interface to protect our network and to limit our users' Internet access to just web browsing.
Editing and adding ACLs
If you need to add more permissions, you must add to the ACL you have already created. Any lines you add are appended at the bottom of the list.
The way I keep track of all the ACLs I use is by keeping each one in a separate text file. I make my changes in the text file, delete the whole access-list from the router's memory (running-config), and then copy and paste the new list each time I make updates.
Clue: There is no way to remove a single line from an ACL. Instead, copy the whole ACL into a text editor and remove the offending line. Then remove the whole ACL from the router's memory (see below) and add the modified ACL back.
To remove an ACL from the router, be sure you are in enabled mode. Then use the command:
no access-list <list number>
That is all there is to it.
Clue: When you delete an access-list that is currently being applied to an interface, all traffic that is to be filtered through the specified access list will be allowed until the access list is reinstated or a new access-list is specified in the access-group command.
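The text-file workflow above, together with the clue about the unfiltered window, as an added example (not code from the original article): a small Python script that reads an ACL kept in a text file, drops the offending line, and prints the IOS commands to paste. It produces the article's own sequence (delete the list, paste the edited one) and, as an alternative I am adding here and which the article does not describe, a sequence that builds the edited list under an unused number, rebinds the interface to it, and only then deletes the old list, so the interface is never left without a filter. The ACL entries, list numbers and interface name are constructed for illustration.

```python
"""Generate Cisco IOS commands to replace a numbered ACL kept in a text file.

Added example for the article's workflow; nothing here is the article's own
code. The sample ACL, the interface name and the list numbers are constructed.
"""
import re

# Constructed text file holding one extended ACL that allows only web browsing
# plus DNS from the LAN; the "eq 23" line is the one we want to remove.
SAMPLE_ACL_FILE = """\
! web-only policy for the T1 interface (constructed sample)
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 101 permit udp 192.168.1.0 0.0.0.255 any eq 53
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 23
access-list 101 deny ip any any
"""

ACL_LINE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny|remark)\b", re.IGNORECASE)
STANDARD_RANGES = [(1, 99), (1300, 1999)]      # IOS numbered standard ACLs
EXTENDED_RANGES = [(100, 199), (2000, 2699)]   # IOS numbered extended ACLs


def acl_kind(number):
    """'standard' or 'extended' from the list number; error if out of range."""
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    raise ValueError(f"{number} is not a valid numbered ACL")


def parse_acl(text):
    """Return (list_number, [entries]) for a file holding exactly one numbered ACL.

    Blank lines and '!' comments are skipped. A line carrying a different list
    number would create a second ACL on the router instead of replacing this
    one when pasted, so mixed numbers are rejected.
    """
    number, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = ACL_LINE.match(line)
        if not m:
            raise ValueError(f"not an access-list entry: {line!r}")
        if number is None:
            number = int(m.group(1))
        elif int(m.group(1)) != number:
            raise ValueError(f"mixed list numbers {number} and {m.group(1)}")
        entries.append(line)
    if number is None:
        raise ValueError("no access-list entries found")
    return number, entries


def remove_entries(entries, fragment):
    """Drop every entry containing `fragment`; error if nothing matched, so a
    typo cannot silently leave the offending line in place."""
    kept = [e for e in entries if fragment not in e]
    if len(kept) == len(entries):
        raise ValueError(f"no entry matches {fragment!r}; nothing removed")
    return kept


def replace_commands(number, entries):
    """The article's method: delete the whole list, then paste the edited one.

    Between `no access-list` and the last pasted line, an interface that
    references this list number filters nothing.
    """
    return ["configure terminal", f"no access-list {number}", *entries, "end"]


def swap_commands(number, entries, interface, direction, scratch):
    """Added alternative: build the edited list under an unused number of the
    same kind, move the interface binding to it, then delete the old list.
    The edited list stays numbered `scratch` afterwards."""
    if acl_kind(scratch) != acl_kind(number):
        raise ValueError(f"{scratch} is not the same ACL kind as {number}")
    renumbered = [re.sub(r"^access-list\s+\d+", f"access-list {scratch}", e)
                  for e in entries]
    return ["configure terminal", *renumbered,
            f"interface {interface}", f" ip access-group {scratch} {direction}",
            "exit", f"no access-list {number}", "end"]


if __name__ == "__main__":
    num, acl = parse_acl(SAMPLE_ACL_FILE)
    edited = remove_entries(acl, "eq 23")
    print("\n".join(replace_commands(num, edited)))
    print("!")
    print("\n".join(swap_commands(num, edited, "Serial0/0", "in", 102)))
```

Run it and paste either printed block into the router's terminal; the second block (the swap) assumes the interface name and an unused list number in the same range as the original, and it moves the policy to that number rather than keeping the original one.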
Our next article is on Advanced ACLs including Port Ranges and methods for grouping IP addresses together.
Article last reviewed: 01/09/2403