Standard IPv4 ACLs

Modify IPv4 ACLs

Editing Numbered ACLs

When configuring a standard ACL, the statements are added to the running-config. However, there is no built-in editing feature that allows you to edit a change in an ACL.

There are two ways that a standard numbered ACL can be edited.

Method 1: Using a Text Editor

After someone is familiar with creating and editing ACLs, it may be easier to construct the ACL using a text editor such as Microsoft Notepad. This allows you to create or edit the ACL and then paste it into the router. For an existing ACL, you can use the show running-config command to display the ACL, copy and paste it into the text editor, make the necessary changes, and paste it back in.

Configuration: For example, assume that the host IPv4 address in the figure was incorrectly entered. Instead of the 192.168.10.99 host, it should have been the 192.168.10.10 host. Here are the steps to edit and correct ACL 1:

Step 1. Display the ACL using the show running-config command. The example in the figure uses the include keyword to display only the ACEs.

Step 2. Highlight the ACL, copy it, and then paste it into Microsoft Notepad. Edit the list as required. After the ACL is correctly displayed in Microsoft Notepad, highlight it and copy it.

Step 3. In global configuration mode, remove the access list using the no access-list 1 command. Otherwise, the new statements would be appended to the existing ACL. Then paste the new ACL into the configuration of the router.

Step 4. Using the show running-config command, verify the changes

It should be mentioned that when using the no access-list command, different IOS software releases act differently. If the ACL that has been deleted is still applied to an interface, some IOS versions act as if no ACL is protecting your network while others deny all traffic. For this reason it is good practice to remove the reference to the access list from the interface before modifying the access list. Also, be aware that if there is an error in the new list, disable it and troubleshoot the problem. In that instance, again, the network has no ACL during the correction process.