How to Modify an Existing ACL

Question
How to insert, move, or delete one or more lines in an Access Control List.
Environment
  • K-Series
  • S-Series
  • 7100-Series
  • All Firmware
Answer
  • Show the ACL to be modified:
S4 Chassis(su)->show access-list 105

Extended IP access list 105  (9 entries)
  1 deny   tcp  any  host 192.0.2.3  eq 80
  2 deny   tcp  any  host 192.0.2.3  eq 443
  3 deny   tcp  host 192.0.2.10  any  eq 80
  4 deny   tcp  host 192.0.2.9  any  eq 80
  5 deny   tcp  host 192.0.2.8  any  eq 80
  6 deny   tcp  host 192.0.2.10  any  eq 443
  7 deny   tcp  host 192.0.2.9  any  eq 443
  8 deny   tcp  host 192.0.2.8  any  eq 443
  -- implicit deny all --
S4 Chassis(su-config)->

 
  • Enter config mode, then specify the ACL to be modified:
S4 Chassis(su-config)->ip access-list extended 105
S4 Chassis(su-cfg-ext-acl-105)->
  • To insert a new line, the syntax is insert before <line number> <new data>:
    S4 Chassis(su-cfg-ext-acl-105)->insert before 5 permit tcp host 192.0.2.6 any eq 80
  • Verify the new entry:
    S4 Chassis(su-cfg-ext-acl-105)->show access-list 105
    Extended IP access list 105  (10 entries)
      1 deny   tcp  any  host 192.0.2.3  eq 80
      2 deny   tcp  any  host 192.0.2.3  eq 443
      3 deny   tcp  host 192.0.2  any  eq 80
      4 deny   tcp  host 192.0.2.9  any  eq 80
      5 permit tcp  host 192.0.2.6  any  eq 80
      6 deny   tcp  host 192.0.2.8  any  eq 80
      7 deny   tcp  host 192.0.2.10  any  eq 443
      8 deny   tcp  host 192.0.2.9  any  eq 443
      9 deny   tcp  host 192.0.2.8  any  eq 443
      -- implicit deny all --
    S4 Chassis(su-cfg-ext-acl-105)->
 
  • To delete one line:
S4 Chassis(su-cfg-ext-acl-105)->delete 5
 
  • To delete multiple adjacent lines:
S4 Chassis(su-ext-a-cfgcl-105)->delete from 5 to 7
 
  • To move one or more lines, the format is move <to where> <the first line to be moved> <the last line to be moved>
  • To move a single line (line 3 only):
S4 Chassis(su-ext-a-cfgcl-105)->move before 1 from 3 to 3
  • To move multiple adjacent lines (lines 3, 4, and 5):
S4 Chassis(su-ext-a-cfgcl-105)->move before 1 from 3 to 5
  • To replace one line (line 5 in this example), use the "replace" command followed by the entry as you want it to appear. Here the IP address of the host is changed:
replace 5 deny   tcp  host 192.0.12.7  any  eq 80
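
Every command above addresses entries by position, and the verification listing shows the old line 5 becoming line 6 after the insert. The Python model below is an added example, not vendor or article code: the class and method names are hypothetical, top-down first-match evaluation is assumed, and 198.51.100.1 is a constructed destination. It shows how an edit shifts the line number that matches a given flow, and which entry decides that flow.

```python
# Added model, not switch firmware. Assumed semantics: top-down, first match
# wins, and line numbers are positions that shift after every edit.

def parse(line):
    """'deny tcp host 192.0.2.8 any eq 80' -> (action, src, dst, port)."""
    t = line.split()
    action, rest, addrs = t[0], t[2:], []     # t[1] is the protocol
    for _ in range(2):                        # source, then destination
        width = 1 if rest[0] == "any" else 2  # "any" or "host <ip>"
        addrs.append(rest[width - 1])
        rest = rest[width:]
    return action, addrs[0], addrs[1], int(rest[1])   # rest == ["eq", port]

class Acl:
    def __init__(self, lines):
        self.rules = [parse(l) for l in lines]   # index + 1 == line number

    def insert_before(self, n, line):
        self.rules.insert(n - 1, parse(line))

    def delete(self, first, last=None):
        del self.rules[first - 1:last or first]

    def move_before(self, dest, first, last):    # dest assumed outside first..last
        block = self.rules[first - 1:last]
        del self.rules[first - 1:last]
        at = dest - 1 - (len(block) if dest > last else 0)
        self.rules[at:at] = block

    def replace(self, n, line):
        self.rules[n - 1] = parse(line)

    def decide(self, src, dst, port):
        """Return (line number, action) of the first match, else implicit deny."""
        for n, (action, s, d, p) in enumerate(self.rules, 1):
            if s in ("any", src) and d in ("any", dst) and p == port:
                return n, action
        return None, "deny"

# ACL 105 as listed in the article, before any edit.
ACL_105 = [f"deny tcp {m} eq {p}" for m, p in
           [("any host 192.0.2.3", 80), ("any host 192.0.2.3", 443)]
           + [(f"host 192.0.2.{h} any", p) for p in (80, 443) for h in (10, 9, 8)]]

if __name__ == "__main__":
    acl = Acl(ACL_105)
    print(acl.decide("192.0.2.8", "198.51.100.1", 80))   # matched before the insert
    acl.insert_before(5, "permit tcp host 192.0.2.6 any eq 80")
    print(acl.decide("192.0.2.8", "198.51.100.1", 80))   # same entry, new line number
```

In this model, a "delete 5" issued after the insert removes the new permit rather than the deny that was line 5 in the first listing, which is why the article re-runs show access-list after the edit.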
Additional notes
Access Control Lists are discussed in these manuals:
  • S_K_7100 Configuration Guide in Chapter 54 Beginning on Page 976
  • S_K_7100 CLI Reference Guide in Chapter 86 Beginning on Page 1771
