Product guide

Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Editing ACLs and Creating an ACL Offline
Working Offline To Create or Edit an ACL
Note: When creating an ACL offline, ensure that the interfaces to which you plan to assign the ACL will have adequate per-port rules and ACL masks available. If you attempt to apply an ACL to multiple interfaces and one of those interfaces does not have sufficient resources to support the ACL, the command will fail for all specified interfaces. For more on per-port ACL resources, refer to “Planning an ACL Application on a Series 3400cl or Series 6400cl Switch” on page 10-17.
For longer ACLs that would be difficult or time-consuming to create or edit accurately in the CLI, you can use the offline method:

1. Begin by doing one of the following:
   - To edit one or more existing ACLs, use copy command-output tftp to copy the current version of the ACL configuration to a file on your TFTP server. For example, to copy the ACL configuration to a file named acl02.txt in the TFTP directory on a server at 10.28.227.2:

     ProCurve# copy command-output 'show access-list config' tftp 10.28.227.2 acl02.txt pc

   - To create a new ACL, just open a text file in the appropriate directory on a TFTP server accessible to the switch.
2. Use the text editor to create or edit the ACL(s).
3. Use copy tftp command-file to download the file to the switch as a list of commands.
Creating an ACL Offline
Use a text editor that allows you to create an ASCII text file (.txt).

If you are replacing an ACL on the switch with a new ACL that uses the same number or name syntax, begin the command file with a “no” command to remove the earlier version of the ACL from the switch’s running-config file. Otherwise, the switch will append the new ACEs in the ACL you download to the existing ACL. For example, if you plan to use the copy command to replace ACL “103”, you would place this command at the beginning of the edited file:

no ip access-list extended 103
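The replace-versus-append pitfall above can be caught on the TFTP host before the file is copied to the switch. The following shell script is an added example, not part of the ProCurve guide: check_acl_file confirms that every ip access-list definition in an offline command file is preceded by the matching no ip access-list line and reports the ACE count per ACL for comparison against per-port rule resources; write_sample_acl_file produces a constructed sample file, and its permit/deny lines use assumed ACE syntax (the function names are this example's own).

```shell
#!/bin/sh
# Added example, not from the ProCurve guide: check an offline ACL command
# file before copying it to the switch with "copy tftp command-file".
# check_acl_file FILE: verifies that every "ip access-list <type> <id>"
# definition is preceded by a matching "no ip access-list <type> <id>" line
# (so the copy replaces the ACL instead of appending ACEs to it) and prints
# the permit/deny (ACE) count per ACL for comparison with the per-port rule
# resources available on the target interfaces. Returns 0 if all ACLs have
# their "no" line, 1 otherwise.
check_acl_file() {
    awk '
        # "no ip access-list extended 103": ACL 103 is removed before it is redefined
        /^[ \t]*no[ \t]+ip[ \t]+access-list[ \t]+(standard|extended)[ \t]+/ {
            removed[$NF] = 1; next
        }
        # "ip access-list extended 103": opens the definition of ACL 103
        /^[ \t]*ip[ \t]+access-list[ \t]+(standard|extended)[ \t]+/ {
            acl = $NF; seen[acl] = 1
            if (!(acl in removed)) missing[acl] = 1
            next
        }
        # permit/deny lines inside a definition are ACEs; "exit" closes it
        acl != "" && /^[ \t]*(permit|deny)[ \t]/ { aces[acl]++ }
        /^[ \t]*exit[ \t]*$/ { acl = "" }
        END {
            rc = 0
            for (a in seen) {
                status = (a in missing) ? "MISSING leading \"no\" line" : "ok"
                if (a in missing) rc = 1
                printf "ACL %s: %d ACE(s), %s\n", a, aces[a] + 0, status
            }
            exit rc
        }' "$1"
}

# write_sample_acl_file FILE: writes a constructed command file that replaces
# ACL 103 as the guide describes; the ACE lines use assumed syntax.
write_sample_acl_file() {
    cat >"$1" <<'EOF'
no ip access-list extended 103
ip access-list extended 103
  permit ip 10.28.227.0 0.0.0.255 any
  deny ip any any
  exit
EOF
}
```

Run check_acl_file against the edited file; a non-zero exit means at least one ACL in the file would be appended to rather than replaced on the switch.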
10-72