To view the configured ACLs, use the show access-list
command. The access-list commands are listed by ACL line
number in the command output. The line number was not part of the original
command line, but was added by the operating system. Each individual access
control element (ACE) is given a single line number. All ACEs pertaining to an
object group are given the same line number. Object groups are covered later in
this module.
Line numbers give the administrator the ability to insert or delete ACEs at any position within a list of existing ACEs. Use the access-list id line line-num command to insert an access-list command statement, and the no access-list id line line-num command to delete an access-list command statement. Line numbers are maintained internally in increasing order, starting from 1. A user can insert a new entry between two consecutive ACEs by specifying the line number of the ACE with the higher line number. An ACE cannot be inserted in the middle of object group ACEs. Line numbers are displayed by the show access-list command, but are not shown in the actual configuration.
In Figure , the administrator adds an ACE to the existing ACL. Entering line 4 in the access-list command line inserts this command into the fourth position in the ACL. This pushes the existing line 4 ACE down one position: the new access-list command becomes the number 4 ACE, and the ACE that was number 4 becomes the new number 5 ACE. The syntax for the access-list line number commands is shown in Figure .
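The numbering rules described above, as an added Python model that is not part of the original material or of the firewall software: each configured statement holds one line number, the ACEs of an object group share it, and an insert at line 4 pushes the old line 4 down to 5. The ACEs, addresses and object-group members are constructed sample data, and rejecting out-of-range line numbers is an assumption of this model.

```python
# Simplified model of ACL line numbering (added example, not firewall code).
# All ACEs, addresses and object-group members below are constructed.
class Acl:
    def __init__(self):
        # One element per configured access-list statement. A statement that
        # uses an object group expands to several ACEs, kept together here.
        self.entries = []

    def insert(self, aces, line=None):
        """Model 'access-list id line line-num ...'; without a line, append."""
        aces = [aces] if isinstance(aces, str) else list(aces)
        if line is None:
            line = len(self.entries) + 1
        if not 1 <= line <= len(self.entries) + 1:
            # Rejecting out-of-range numbers is a choice made by this model.
            raise ValueError(f"line {line} out of range")
        self.entries.insert(line - 1, aces)

    def delete(self, line):
        """Model 'no access-list id line line-num'."""
        if not 1 <= line <= len(self.entries):
            raise ValueError(f"line {line} out of range")
        del self.entries[line - 1]

    def show(self):
        """(line number, ACE) pairs: numbers start at 1 and are recomputed on
        every call; ACEs from one object group share a single number."""
        return [(n, ace)
                for n, aces in enumerate(self.entries, start=1)
                for ace in aces]

def demo():
    acl = Acl()
    acl.insert("permit tcp any host 192.0.2.10 eq www")
    # Constructed object group with two members: two ACEs, one line number.
    acl.insert(["permit tcp any host 192.0.2.21 eq smtp",
                "permit tcp any host 192.0.2.22 eq smtp"])
    acl.insert("permit tcp any host 192.0.2.30 eq ftp")
    acl.insert("deny ip any any")
    before = acl.show()
    # Insert at line 4: the ACE that was line 4 moves down to line 5.
    acl.insert("permit tcp any host 192.0.2.40 eq https", line=4)
    return before, acl.show()

if __name__ == "__main__":
    for listing in demo():
        print(*(f"line {n}: {ace}" for n, ace in listing), sep="\n", end="\n\n")
```

Because the object group occupies a single slot in the model, there is no line number that falls between its ACEs, which matches the rule that an ACE cannot be inserted in the middle of object group ACEs.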