Sequence numbering in ACLs

The ACEs in any ACL are sequentially numbered. In the default state, the sequence number of the first ACE in a list is "10," and subsequent ACEs are numbered in increments of 10. The following show run output shows an ACL named "My-list" using the default numbering scheme:

Default sequential numbering for ACEs

ipv6 access-list "My–list"
     10 permit ipv6 2001:db8:0:5ad::25/128 ::/0
     20 permit ipv6 2001:db8:0:5ad::111/128 ::/0
     30 permit icmp 2001:db8:0:5ad::115/128 ::/0 135
     40 deny ipv6 2001:db8:0:5ad::/64 ::/0
   exit

An ACE can be appended to the end of the ACL by using ipv6 access-list from the global configuration prompt or by entering the ACL context:

Ways to append a new ACE to the end of an ACL

Switch(config)# ipv6 access-list My–list permit esp host 2001:db8:0:5ad::19 any ¹
Switch(Config)# ipv6 access-list My–list ²
Switch(config–ipv6–acl)# permit ipv6 any host 2001:db8:0:5ad::1

¹ From the global configuration prompt, appends an ACE to the end of the ACL named "My-list"

² Enters the context of the "My-list" ACL and appends an ACE to the end of the list

Appending an ACE to an existing list

Switch(config–ipv6–acl)# deny ipv6 2001:db8:0:5ad::/64 any ¹
Switch (config–ipv6–acl)# permit ipv6 any any ²
Switch(config–ipv6–acl)# show run
. . .
ipv6 access-list "My–list"
     10 permit ipv6 2001:db8:0:5ad::25/128 ::/0
     20 permit ipv6 2001:db8:0:5ad::111/128 ::/0
     30 permit icmp 2001:db8:0:5ad::115/128 ::/0
     40 permit icmp 2001:db8:0:5ad::/64 ::/0
     50 permit 50 2001:db8:0:5ad::19/128 ::/0
     60 permit ipv6 ::/0 2001:db8:0:5ad::1/128
     70 deny ipv6 2001:db8:0:5ad::/64 ::/0
     80 permit ipv6 ::/0 ::/0
   exit

¹ ACE appended as line 70

² Appended as line 80