Let say you create the following numbered extended access-list:
access-list 123 permit tcp any any eq www
access-list 123 permit udp any any eq 54
access-list 123 permit tcp any any eq smtp
access-list 123 permit tcp any any eq pop3
access-list 123 permit udp any any eq syslog
As you type in the last line you release you made a typo, by entering UDP-54 instead of UDP-53. This is likely why most of us prefer using Named-ACL’s, because without sequence numbers in the ACL you can not remove that one entry, you have to remove the whole ACL. Although Named-ACL’s are handy, there are still times when you have to use a Numbered-ACL.
Then what? Instead of removing the whole Numbered-ACL, why not just edit ACL-123 and remove just that one line? You can do this by treating ACL-123 as a Named-ACL. First enter the the Named-ACL context but use 123 as the name, just remove the entry:
R1(config)#ip access-list ext 123
R1(config-ext-nacl)#no permit udp any any eq 54
R1(config-ext-nacl)#permit udp any any eq 53
Now all the correct entries are specified and corrected, with minimal effort. (excluding the Typo):
access-list 123 permit tcp any any eq www
access-list 123 permit tcp any any eq smtp
access-list 123 permit tcp any any eq pop3
access-list 123 permit udp any any eq syslog
access-list 123 permit udp any any eq domain
Later IOS images actually assign sequence number by default now for this vary purpose:
R1#sh ip acce 123
Extended IP access list 123
10 permit tcp any any eq www
20 permit udp any any eq 54
30 permit tcp any any eq smtp
40 permit tcp any any eq pop3
50 permit udp any any eq syslog
So editing a Number-ACL becomes that same as editing a Named-ACL.
R1(config)#ip acce ext 123
R1(config-ext-nacl)#no 20
R1(config-ext-nacl)#20 permit udp any any eq 53
R1(config-ext-nacl)#end
!
R1#sh ip acce 123
Extended IP access list 123
10 permit tcp any any eq www
20 permit udp any any eq domain <---
30 permit tcp any any eq smtp
40 permit tcp any any eq pop3
50 permit udp any any eq syslog
Routing-Bits 