Access Control Lists (ACLs) for the Series 5300xl Switches
Editing ACLs and Creating an ACL Offline
General Editing Rules
■ You can delete any ACE from an ACL by repeating the ACE’s entry
command, preceded by the “no” statement. When you enter a new
ACE, the switch inserts it as the last entry of the specified ACL.
■ Deleting the last ACE from a numeric ACL, removes the ACL from
the configuration. Deleting the last ACE from a named ACL leaves the
ACL in memory. In this case, the ACL is “empty” and cannot perform
any filtering tasks. (In any ACL the implicit “deny any” does not apply
unless the ACL includes at least one explicit ACE.)
■ When you create a new ACL, the switch inserts it as the last ACL in
the startup-config file. (Executing write memory saves the running-
config file to the startup-config file.)
Deleting Any ACE from an ACL
You can delete an ACE from an ACL by repeating the ACE’s entry command,
preceded by the “no” statement.
Syntax:
no access-list < acl-id > < permit | deny > < any | host | ip-addr/mask-length >
Deletes an ACE from a standard ACL. All variable parame-
ters in the command must be an exact match with their
counterparts in the ACE you want to delete.
no access-list < acl-id > < permit | deny > < ip | tcp | udp >
< src-addr: any | host | ip-addr/mask-length > [operator < src-port-num >]
< dest-addr: any | host | ip-addr-mask-length > [operator < dest-port-num >
[log]
Deletes an ACE from a standard ACL. All variable parame-
ters in the command must be an exact match with their
counterparts in the ACE you want to delete.
9-54
To Next Page
Loading...
