Specifications

Modifying a Security ACL

15-18 Configuring and Managing Security ACLs

Modifying an Existing Security ACL

Youcanusethemodifyeditbuffer‐indexportionofthesetsecurityaclcommandtomodifyan

activesecurityACL.

Example

Forexample,supposetheACLacl‐111currentlyblockssomepacketsfromIPaddress

192.168.254.12withthemask0.0.0.255andyouwanttochangetheACLtopermitallpacketsfrom

thisaddress.Followthesesteps:

1. TodisplayallcommittedsecurityACLs,typethefollowingcommand:

RBT-8100# show security acl info

ACL information for all

set security acl ip acl-111 (hits #4 0)

----------------------------------------------------

1. deny IP source IP 192.168.254.12 0.0.0.255 destination IP any

2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any

set security acl ip acl-2 (hits #1 0)

----------------------------------------------------

1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP

192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits

2. TomodifythefirstACEinacl‐111,typethefollowingcommands:

RBT-8100# set security acl ip acl-111 permit 192.168.254.12 0.0.0.0 modify 1

RBT-8100# commit security acl acl-111

success: change accepted.

3. Toviewtheresults,typethefollowingcommand:

RBT-8100# show security acl info

ACL information for all

set security acl ip acl-111 (hits #4 0)

----------------------------------------------------

1. permit IP source IP 192.168.254.12 0.0.0.0 destination IP any

2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any

set security acl ip acl-2 (hits #1 0)

----------------------------------------------------

1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP

192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits