Table of Contents
Advertisement
You can delete any ACE from any ACL (named or numbered) by using
■
the ip access-list command to enter the ACL's context, and then using
the no < seq-# > command (page 10-90).
Deleting the last ACE from an ACL leaves the ACL in memory. In this
■
case, the ACL is "empty" and cannot perform any filtering tasks. (In
any ACL the Implicit Deny does not apply unless the ACL includes at
least one explicit ACE.)
Sequence Numbering in ACLs
The ACEs in any ACL are sequentially numbered. In the default state, the
sequence number of the first ACE in a list is "10" and subsequent ACEs are
numbered in increments of 10. For example, the following show run output
lists three ACEs with default numbering in a list named "My-List":
ip access-list standard "My-List"
10 permit 10.10.10.25 0.0.0.0
20 permit 10.20.10.117 0.0.0.0
30 deny 10.20.10.1 0.0.0.255
exit
Figure 10-23. Example of the Default Sequential Numbering for ACEs
You can add an ACE to the end of a named or numbered ACL by using either
access-list for numbered ACLs or ip access-list for named ACLs:
HP Switch(config)# access-list 2 permit any
HP Switch(Config)# ip access-list standard My-list
HP Switch(Config-ext-nacl)# permit ip any host 10.10.10.125
Figure 10-24. Examples of Adding an ACE to the end of Numbered or Named ACLs
IPv4 Access Control Lists (ACLs)
Editing an Existing ACL
Appends an ACE to
the end of a standard,
numbered ACL.
Enters the context of an extended ACL
and appends an ACE to the end of the list.
10-87
Hide quick links:
Advertisement
Table of Contents
