Configure ACLs and Content Filters
ACL line numbers

To view the configured ACLs, use the show access-list command. The access-list commands are listed by ACL line number in the command output. The line number was not part of the original command line, but was added by the operating system. Each individual access control element (ACE) is given a single line number. All ACEs pertaining to an object group are given the same line number. Object groups are covered later in this module.

Line numbers give the administrator the ability to insert, or delete, ACEs at any position within a list of existing ACEs. Use the access-list id line line-num command to insert an access-list command statement, and the no access-list id line line-num command to delete an access-list command statement. Line numbers are maintained internally in increasing order, starting from 1. A user can insert a new entry between two consecutive ACEs by choosing the line number of the ACE with the higher line number. An ACE cannot be inserted in the middle of object group ACEs. Line numbers are displayed by the show access-list command, but are not shown in the actual configuration.

In Figure , the administrator adds an ACE to the existing ACL. Entering line 4 in the access-list command line inserts this command into the fourth position in the ACL. This forces the existing line 4 ACE down one position in the ACL. The line 4 access-list command line becomes the new number 4 ACE. The current number 4 ACE becomes the new number 5 ACE. The syntax for the access-list line number commands is shown in Figure .