ACL - Sequence Numbers
When you create an access list, whether standard or extended, and you don't include sequence numbers in your statements, each statement automatically receives a sequence number in increments of 10: 10, 20, 30, 40 and so on. The following example shows a configured ACL and the sequence numbers that are automatically assigned:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip access-
R1(config)#ip access-list extended MY_LIST
R1(config-ext-nacl)#permit ip 10.10.10.0 0.0.0.255 any
R1(config-ext-nacl)#permit ip host 192.168.12.1 any
R1(config-ext-nacl)#permit tcp 172.16.0.1 0.0.0.0 eq 80 any
R1(config-ext-nacl)#exit
R1(config)#exit
R1#show access-lists
Extended IP access list MY_LIST
    10 permit ip 10.10.10.0 0.0.0.255 any
    20 permit ip host 192.168.12.1 any
    30 permit tcp host 172.16.0.1 eq www any
R1#
The gaps make access lists easier to edit with the ACL editor: you can remove a statement by specifying its sequence number, or add a statement by giving it a sequence number that falls between the existing ones. The following example shows how an additional entry is placed between sequence numbers 10 and 20:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip access-list extended MY_LIST
R1(config-ext-nacl)#15 deny ip 10.10.20.0 0.0.0.255 any
R1(config-ext-nacl)#exit
R1(config)#exit
R1#show access-lists
Extended IP access list MY_LIST
    10 permit ip 10.10.10.0 0.0.0.255 any
    15 deny ip 10.10.20.0 0.0.0.255 any
    20 permit ip host 192.168.12.1 any
    30 permit tcp host 172.16.0.1 eq www any
R1#
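An ACL is evaluated top-down and the first matching statement wins, so the sequence number you pick decides whether a new statement ever takes effect. The following Python is an added example, not part of the original page: it parses the `show access-lists` output above, evaluates first-match on the source address only (an assumption; protocol, ports and destination are ignored), and picks a free sequence number ahead of the first overlapping entry. The function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: the `show access-lists` output from the page after the insert.
SHOW_OUTPUT = """\
Extended IP access list MY_LIST
    10 permit ip 10.10.10.0 0.0.0.255 any
    15 deny ip 10.10.20.0 0.0.0.255 any
    20 permit ip host 192.168.12.1 any
    30 permit tcp host 172.16.0.1 eq www any
"""

ENTRY = re.compile(r"^\s*(\d+) (permit|deny) \S+ (?:host (\S+)|any|(\S+) (\S+))")

def parse(text):
    """Return {sequence number: (action, source network)} for each entry line."""
    acl = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header line or syntax this example does not cover
        seq, action, host, addr, wildcard = m.groups()
        # "host A" is a /32, "A W" uses W as a host mask, "any" is 0.0.0.0/0
        src = host or (f"{addr}/{wildcard}" if addr else "0.0.0.0/0")
        acl[int(seq)] = (action, ipaddress.ip_network(src))
    return acl

def first_match(acl, src_ip):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    ip = ipaddress.ip_address(src_ip)
    for seq in sorted(acl):
        action, net = acl[seq]
        if ip in net:
            return seq, action
    return None, "deny"

def slot_before_overlap(acl, new_src):
    """Free sequence number that places new_src ahead of the first overlapping entry."""
    new_net = ipaddress.ip_network(new_src)
    prev = 0
    for seq in sorted(acl):
        if new_net.overlaps(acl[seq][1]):
            gap = range(prev + 1, seq)
            return gap[len(gap) // 2] if gap else None  # None: no room, resequence first
        prev = seq
    return max(acl, default=0) + 10  # nothing overlaps: append, as IOS does by default
```

A deny for host 10.10.10.99 appended at sequence 40 would never match, because entry 10 permits the whole 10.10.10.0/24 range first; `slot_before_overlap` returns 5 for it instead.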
Links:
https://forum.networklessons.com/t/extended-access-list-example-on-cisco-router/890/75?u=lagapidis
https://networklessons.com/cisco/ccie-routing-switching/extended-access-list-example-on-cisco-router