This task shows how to assign sequence numbers to entries in a named IP access list and how to add or delete an entry to or from an access list. It is assumed a user wants to revise an access list. The context of this task is the following:
•A user need not resequence access lists for no reason; resequencing in general is optional. The resequencing step in this task is shown as required because that is one purpose of this feature and this task demonstrates the feature.
•Step 5 happens to be a permit statement and Step 6 happens to be a deny statement, but they need not be in that order.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip access-list resequence access-list-name starting-sequence-number increment
4. ip access-list {standard | extended} access-list-name
5. sequence-number permit source source-wildcard or sequence-number permit protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
6. sequence-number deny source source-wildcard or sequence-number deny protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
7. Repeat Step 5 and/or Step 6 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry.
8. end
9. show ip access-lists access-list-name
SOURCE:http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsaclseq.html#wp1043060