I have a Cisco 1921 router where I am using an outbound extended access list. Whenever I edit my access lists, it results in losing all IP traffic. I will have about 3 deny statements, and then end with a permit any ip statement.
It works flawlessly, but when I want to edit the list and remove a deny statement, it results in me having to recreate all the statements.
When using Cisco routers and extended access lists, is there a best practice way to edit extended access lists without interrupting all IP traffic? Right now my list has:
access-list 199 deny ip host 10.200.15.159 any
access-list 199 permit ip any any
I went in and removed the acl statement
access-list 199 deny ip host 10.200.15.159 any
but it also removed the second access-list statement, and I don't understand why. It results in every IP losing traffic when I only wanted to remove the deny statement.
EDIT: When I remove the deny statement, it seems to delete the whole extended access list. However, it does not stop any outgoing IP traffic. The minute that I go back to recreate the same list, we lose all IP traffic (probably because I first started with the deny statement).
Additionally, the access-list is directly added to the outbound interface.
Best Answer
If you do a
show access-lists
command, you get something like:
You can then insert or delete lines by the line number.
IP Access List Entry Sequence Numbering
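The answer's approach applied to the question's ACL 199, as an added example that is not part of the original answer: entering the list with `ip access-list extended 199` lets a single entry be removed or inserted by sequence number, whereas `no access-list 199 ...` in global configuration removes the whole list. The sequence numbers, the host 10.200.15.160 and the `show` output are constructed for illustration.

```cisco
! Constructed session; 10 and 20 are the default IOS sequence numbers.
Router# show access-lists 199
Extended IP access list 199
    10 deny ip host 10.200.15.159 any
    20 permit ip any any

Router# configure terminal
! Edit the numbered list in named-ACL configuration mode.
Router(config)# ip access-list extended 199
! Remove only the deny entry; entry 20 (permit ip any any) stays in place,
! so the interface never sees a list that ends in the implicit deny alone.
Router(config-ext-nacl)# no 10
! Insert a new deny ahead of the permit by choosing a number below 20.
! 10.200.15.160 is a constructed host address.
Router(config-ext-nacl)# 15 deny ip host 10.200.15.160 any
Router(config-ext-nacl)# exit
! Optional: renumber the entries to start at 10 in steps of 10.
Router(config)# ip access-list resequence 199 10 10
Router(config)# end

Router# show access-lists 199
Extended IP access list 199
    10 deny ip host 10.200.15.160 any
    20 permit ip any any
```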