PurposeCommand or Action
Copies the running configuration to the startup
configuration.
(Optional) copy running-config startup-config
Example:
Step 7
switch(config-acl)# copy running-config
startup-config
Changing an IP ACL
You can add and remove rules in an existing IPv4 or IPv6 ACL, but you cannot change existing rules. Instead,
to change a rule, you can remove it and recreate it with the desired changes.
If you need to add more rules between existing rules than the current sequence numbering allows, you can
use the resequence command to reassign sequence numbers.
Before you begin
We recommend that you perform ACL configuration using the Session Manager. This feature allows you to
verify ACL configuration and confirm that the resources required by the configuration are available prior to
committing them to the running configuration. This feature is especially useful for ACLs that include more
than about 1000 rules.
SUMMARY STEPS
1. configure terminal
2. Enter one of the following commands:
• ip access-list name
• ipv6 access-list name
3. (Optional) [sequence-number] {permit | deny} protocol source destination
4. (Optional) [no] fragments {permit-all | deny-all}
5. (Optional) no {sequence-number | {permit | deny} protocol source destination}
6. (Optional) [no] statistics per-entry
7. (Optional) Enter one of the following commands:
• show ip access-lists name
• show ipv6 access-lists name
8. (Optional) copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
235
Configuring IP ACLs
Changing an IP ACL
To Next Page
Loading...
