insert before

Use this command to insert an access list rule entry.

Syntax

Standard IP Access List:
insert before entry {remark text | {permit | deny} {source source-wildcard | any | host ip-address} [log | log-verbose]}
Extended IP Access List:
insert before entry {remark “text” | {permit | deny} protocol {source source-wildcard | any | host ip-address} {destination destination-wildcard | any | host ip-address} [log | log-verbose] [dscp dscp-code] [precedence precedence] [tos tos]}

Parameters

entry Specifies an entry to place the inserted rule before. An entry is a valid pre-existing access list rule or the explicit deny which is the default entry 1.
remark text (Optional) Specify a text remark that will be associated with this ACL. Valid values: Up to 64 characters within double quotes (“”).
deny | permit protocol Denies or permits access if specified conditions are met. For protocol details see permit or deny.
source Specifies the IP address or range of the network or host from which the packet will be sent.
source-wildcard Specifies the bits to ignore in the source address.
destination Specifies the IP address or range of the network or host to which the packet will be sent.
destination-wildcard Specifies the bits to ignore in the destination address.
any Specifies that any source or destination (extended access list only) address applies to this rule entry.
host ip-address Specifies a specific host address that will be applied to this rule entry.
log | log-verbose (Optional) Enable syslog for ACL entry hits. log enables standard syslog messaging on an access list rule hit and log-verbose enables a detailed level syslog messaging on an access list rule hit.
dscp dscp-code (Optional) Specifies a DiffServ code point number or name. Valid values are 0 - 63, or be, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, af44, ef.
precedence precedence (Optional) Specifies the IP precedence number or an IP precedence name. Valid values are 0 - 7, or in order from high to low: critical, flash, flash-override, immediate, internet, network, priority, routine.
tos tos (Optional) Specifies the IP Type of Service number or name. Valid values are 0 - 15, or max-reliability, max-throughput, min-delay, min-monetary-cost, normal.

Defaults

  • If remark is not specified, no remark is configured.
  • If log or log-verbose are not specified, logging is not enabled.
  • If dscp is not specified, a DiffServ code point is not associated with this access list.
  • If precedence is not specified, a precedence is not associated with this access list.
  • If tos is not specified, a ToS is not associated with this access list.

Mode

Configuration command, standard or extended access list configuration.

Usage

ACL logging is throttled to 1 log message per second. If there are multiple ACL rules with logging enabled (log or log-verbose), and more than one frame is transmitted per second that can hit those rules, only the first frame will generate a message. Logging is therefore a sample and does not report every hit on a rule with logging enabled.
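The effect of this throttle on what reaches syslog can be modeled offline. The following Python sketch is an added example, not part of the vendor documentation: it assumes a single throttle timer shared by all logging rules, and the rule labels and hit timestamps are constructed.

```python
from collections import Counter

THROTTLE_MS = 1000  # page: ACL logging is throttled to 1 log message per second


def simulate_acl_logging(hits, interval_ms=THROTTLE_MS):
    """Split ACL hits into (logged, suppressed).

    hits: iterable of (timestamp_ms, rule_label) for rules that have log or
    log-verbose set. Assumption: one throttle timer is shared by all rules,
    and a message is emitted only when interval_ms has elapsed since the
    previous emitted message.
    """
    logged, suppressed = [], []
    last_emit = None
    for ts, rule in sorted(hits):
        if last_emit is None or ts - last_emit >= interval_ms:
            logged.append((ts, rule))
            last_emit = ts
        else:
            suppressed.append((ts, rule))
    return logged, suppressed


def coverage(hits):
    """Return {rule_label: (hits, logged)} to show what syslog never sees."""
    hits = list(hits)
    logged, _ = simulate_acl_logging(hits)
    total = Counter(rule for _, rule in hits)
    seen = Counter(rule for _, rule in logged)
    return {rule: (total[rule], seen[rule]) for rule in sorted(total)}


# Constructed sample: a busy permit rule (10 hits/s for 3 s) and a quiet
# deny rule (1 hit/s), both with logging enabled. Labels are hypothetical.
SAMPLE_HITS = [(t, "permit-web") for t in range(0, 3000, 100)] + [
    (500, "deny-telnet"), (1500, "deny-telnet"), (2500, "deny-telnet")]

if __name__ == "__main__":
    for rule, (hit_count, log_count) in coverage(SAMPLE_HITS).items():
        print(f"{rule}: {hit_count} hits, {log_count} syslog messages")
```

In this sample the quiet deny rule is hit three times and never logged, because the busy rule takes every one-second slot; the absence of a syslog message is not evidence that a rule was not hit.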

Examples

This example enters configuration mode for standard access list 2 and inserts a rule permitting the IP protocol for source address 125.50.0.5 with a source wildcard of 0.0.0.255 before entry 10:

System(rw-config)->ip access-list standard 2
System(rw-cfg-std-acl)->insert before 10 permit ip 125.50.0.5 0.0.0.255
System(rw-cfg-std-acl)->