Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Editing ACLs and Creating an ACL Offline
Editing ACLs and Creating an ACL
Offline
Earlier sections of this chapter describe how to use the CLI to create an ACL.
Beginning with “Using the CLI To Edit ACLs”, below, describes how to use the
CLI to edit existing ACLs. However, you can also create or edit an ACL offline,
then use a TFTP server to upload the ACL as a command file. The offline
method (page
10-67) provides a useful alternative to using the CLI for creating
or editing large ACLs.
Using the CLI To Edit ACLs
The switch applies individual ACEs in the order in which they occur in an ACL.
You can use the CLI to delete individual ACEs from anywhere in an ACL and
to append new ACEs to the end of an ACL. However, the CLI method does not
allow you to insert a new ACE between two existing ACEs.
Note Before editing an assigned ACL, you must use the no interface < interface >
access-group < acl-# > in command to remove the ACL from all interfaces to
which it is assigned.
Using the CLI To Edit a Short ACL. To insert a new ACE between exist-
ing ACEs in a short ACL, you may want to delete the ACL and then re-configure
it by entering your updated list of ACEs in the correct order.
Using the CLI to Edit a Longer ACL. To insert a new ACE between exist-
ing ACEs in a longer ACL:
a. Delete the first ACE that is out of sequence and all following ACEs
through the end of the ACL.
b. Re-Enter the desired ACEs in the correct sequence.
General Editing Rules
■ You can delete any ACE from an ACL by repeating the ACE’s entry
command, preceded by the “no” statement. When you enter a new
ACE, the switch inserts it as the last entry of the specified ACL.
10-65
To Next Page
Loading...
