How to Modify an Existing ACL

Question
How to insert, move, or delete one or more lines in an Access Control List.
Environment
  • K-Series
  • S-Series
  • 7100-Series
  • All Firmware
Answer
  • Show the ACL to be modified:
    S4 Chassis(su)->show access-list 105

    Extended IP access list 105  (9 entries)
      1 deny   tcp  any  host 192.0.2.3  eq 80
      2 deny   tcp  any  host 192.0.2.3  eq 443
      3 deny   tcp  host 192.0.2.10  any  eq 80
      4 deny   tcp  host 192.0.2.9  any  eq 80
      5 deny   tcp  host 192.0.2.8  any  eq 80
      6 deny   tcp  host 192.0.2.10  any  eq 443
      7 deny   tcp  host 192.0.2.9  any  eq 443
      8 deny   tcp  host 192.0.2.8  any  eq 443
      -- implicit deny all --
    S4 Chassis(su-config)->

  • Enter config mode, then specify the ACL to be modified:
    S4 Chassis(su-config)->ip access-list extended 105
    S4 Chassis(su-cfg-ext-acl-105)->
  • To insert a new line the syntax is insert before <line number> <new data>:
    S4 Chassis(su-cfg-ext-acl-105)->insert before 5 permit tcp host 192.0.2.6 any eq 80
  • Verify the new entry:
    S4 Chassis(su-cfg-ext-acl-105)->show access-list 105
    Extended IP access list 105  (10 entries)
      1 deny   tcp  any  host 192.0.2.3  eq 80
      2 deny   tcp  any  host 192.0.2.3  eq 443
      3 deny   tcp  host 192.0.2.10  any  eq 80
      4 deny   tcp  host 192.0.2.9  any  eq 80
      5 permit tcp  host 192.0.2.6  any  eq 80
      6 deny   tcp  host 192.0.2.8  any  eq 80
      7 deny   tcp  host 192.0.2.10  any  eq 443
      8 deny   tcp  host 192.0.2.9  any  eq 443
      9 deny   tcp  host 192.0.2.8  any  eq 443
      -- implicit deny all --
    S4 Chassis(su-cfg-ext-acl-105)->
 
  • To delete one line:
    S4 Chassis(su-cfg-ext-acl-105)->delete 5

  • To delete multiple adjacent lines:
    S4 Chassis(su-cfg-ext-acl-105)->delete from 5 to 7

  • To move one or more lines the format is move <to where> <the first line to be moved> <the last line to be moved>:
  • To move a single line (line 3 only):
    S4 Chassis(su-cfg-ext-acl-105)->move before 1 from 3 to 3
  • To move multiple adjacent lines (lines 3, 4, and 5):
    S4 Chassis(su-cfg-ext-acl-105)->move before 1 from 3 to 5

 
Additional notes
Access Control Lists are discussed in these manuals:
  • S_K_7100 Configuration Guide in Chapter 54 Beginning on Page 976
  • S_K_7100 CLI Reference Guide in Chapter 86 Beginning on Page 1771
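
The insert, delete and move commands above shift the line numbers of every later entry, and an inserted permit only applies to traffic that no earlier line already matches. The Python model below is an added example, not vendor code or part of the original article, for previewing an edit sequence offline before typing it on the switch. It assumes first-match evaluation and sequential renumbering after each edit; the destination 198.51.100.7 is a constructed value.

```python
# Added example: offline model of the ACL line editor, not vendor code.
# Assumptions: entries renumber 1..n after each edit; the first matching
# entry decides the packet; unmatched traffic hits the implicit deny.

# ACL 105 as listed in the article: (action, source, destination, tcp port)
ACL_105 = [
    ("deny", "any", "192.0.2.3", 80),
    ("deny", "any", "192.0.2.3", 443),
    ("deny", "192.0.2.10", "any", 80),
    ("deny", "192.0.2.9", "any", 80),
    ("deny", "192.0.2.8", "any", 80),
    ("deny", "192.0.2.10", "any", 443),
    ("deny", "192.0.2.9", "any", 443),
    ("deny", "192.0.2.8", "any", 443),
]

def insert_before(acl, line, entry):
    """insert before <line> <entry>"""
    return acl[:line - 1] + [entry] + acl[line - 1:]

def delete(acl, first, last=None):
    """delete <first>   or   delete from <first> to <last>"""
    last = first if last is None else last
    return acl[:first - 1] + acl[last:]

def move_before(acl, target, first, last):
    """move before <target> from <first> to <last>"""
    if first < target <= last:  # rejected by this model; switch behaviour not assumed
        raise ValueError("target line lies inside the block being moved")
    block, rest = acl[first - 1:last], acl[:first - 1] + acl[last:]
    # Index of the target line once the block has been lifted out.
    idx = target - 1 if target <= first else target - 1 - len(block)
    return rest[:idx] + block + rest[idx:]

def verdict(acl, src, dst, port):
    """Return (line number, action) of the first entry matching a TCP packet."""
    for n, (action, s, d, p) in enumerate(acl, start=1):
        if s in ("any", src) and d in ("any", dst) and p == port:
            return n, action
    return None, "deny"  # implicit deny all

if __name__ == "__main__":
    edited = insert_before(ACL_105, 5, ("permit", "192.0.2.6", "any", 80))
    # 198.51.100.7 is a constructed destination, not from the article.
    for dst in ("198.51.100.7", "192.0.2.3"):
        print(dst, verdict(edited, "192.0.2.6", dst, 80))
    for n, entry in enumerate(move_before(edited, 1, 3, 5), start=1):
        print(n, *entry)
```

In this model the permit inserted at line 5 lets 192.0.2.6 reach port 80 on other hosts, but its traffic to 192.0.2.3 is still denied by line 1, which matches first.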
