Editing Cisco Access Lists

Note: This is an old post recovered from a previous blog


Once upon a time Cisco access lists were very clunky and crude. They were a pig to manipulate and something to be avoided. Things have improved over the years and they are not as bad as they once were. For example, there was a time when, if you wanted to alter an already applied access list, you had to remove it and then re-add the entire list, lock, stock and barrel. Niceties like adding or deleting individual access list entries without removing and re-adding the entire list were not possible. This guide will show you how to alter or amend a Cisco IOS access list.


List your access list

To edit an existing access list it is useful to know the access list entry numbers. To do this you simply need to show the access list*. So let’s do this: from the command prompt, type:

show access-list

*This assumes we have an access list set up. In this example we do, and it is an extended one with an identifier of 101.

This will return something like this:

Extended IP access list 101
10 permit ip any host
20 permit ip any host
30 permit ip any host
40 permit icmp any host
50 permit icmp any host

Now suppose you want to delete the entry “20 permit ip any host”. You would first enter enable mode


Then enter into configuration mode

conf term

Then enter into access list configuration

ip access-list extended 101

and type a command to negate entry 20

no 20 permit ip any host

Now when you view the list again, that entry should have disappeared.
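
The whole procedure as one session, added here as an example and not taken from the original post. It goes one step further than the text by also inserting a new entry and renumbering the list. The hostname "Router" and the 192.0.2.x addresses are constructed placeholders, and the sequence number alone is used to pick out the entry to delete.

```cisco
! Constructed session: hostname and 192.0.2.x addresses are placeholders.
Router> enable
Router# show access-lists 101
Extended IP access list 101
    10 permit ip any host 192.0.2.10
    20 permit ip any host 192.0.2.20
    30 permit ip any host 192.0.2.30
Router# configure terminal
Router(config)# ip access-list extended 101
! Delete a single entry by its sequence number; the rest of the list stays in place.
Router(config-ext-nacl)# no 20
! Insert a new entry between 10 and 30 by giving it an unused sequence number.
Router(config-ext-nacl)# 15 permit ip any host 192.0.2.25
Router(config-ext-nacl)# end
Router# show access-lists 101
Extended IP access list 101
    10 permit ip any host 192.0.2.10
    15 permit ip any host 192.0.2.25
    30 permit ip any host 192.0.2.30
! Optional: renumber the entries to start at 10 and step by 10,
! which frees up gaps for later insertions.
Router# configure terminal
Router(config)# ip access-list resequence 101 10 10
Router(config)# end
```

Because an extended list ends in an implicit deny and is evaluated top to bottom, check the order shown by the second `show access-lists 101` before relying on the edited list.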
