Editing an extended ACL can be accomplished using the same process as editing a standard ACL as discussed in a previous section. An extended ACL can be modified using:
- Method 1 Text editor - Using this method, the ACL is copied and pasted into the text editor where the changes are made. The current access list is removed using the no access-list command. The modified ACL is then pasted back into the configuration.
- Method 2 Sequence numbers - Sequence numbers can be used to delete or insert an ACL statement. The ip access-list extended name command is used to enter named-ACL configuration mode. If the ACL is numbered instead of named, the ACL number is used in the name parameter. ACEs can be inserted or removed.
In the figure the administrator needs to edit the ACL named SURFING to correct a typo in the source network statement. To view the current sequence numbers, the show access-lists command is used. The statement to be edited is identified as statement 10. The original statement is removed with the no sequence_# command. The corrected statement is added replacing the original statement.