9 ACL configuration and management

If you need to add more rules between existing rules than the current sequence numbering allows, you can use the resequence command to reassign sequence numbers. For detailed information, see “Reordering the sequence numbers in a MAC ACL” on page 90.

Use a sequence number to specify the rule you wish to modify. Without a sequence number, a new rule is added to the end of the list, and the existing rule is unchanged.

NOTE

Using the permit and deny keywords, you can create many different rules. The examples in this section provide the basic knowledge needed to modify MAC ACLs.

NOTE

This example assumes that test_02 contains an existing rule number 100 with the “deny any any” options.

To modify a MAC ACL, perform the following steps from Privileged EXEC mode.

1. Enter the configure terminal command to access global configuration mode.

2. Enter the mac command to specify the ACL called test_02 for modification.

switch(config)#mac access-list extended test_02

3. Enter the no seq command to delete the existing rule 100.

switch(conf-macl-ext)#no seq 100

4. Enter the seq command to recreate rule number 100 with new parameters.

switch(conf-macl-ext)#seq 100 permit any any

Removing a MAC ACL

To remove a MAC ACL, perform the following steps from Privileged EXEC mode.

1. Enter the configure terminal command to access global configuration mode.

2. Enter the mac command to specify and delete the ACL that you want to remove. In this example, the extended MAC ACL name is “test_02.”

The following example deletes the extended MAC ACL named “test_02.”

switch(config)#no mac access-list extended test_02

Reordering the sequence numbers in a MAC ACL

You can reorder the sequence numbers assigned to rules in a MAC ACL. Reordering the sequence numbers is useful when you need to insert rules into an ACL and there are not enough available sequence numbers.

The first rule receives the number specified by the starting-sequence number that you specify. Each subsequent rule receives a number larger than the preceding rule. The difference in numbers is determined by the increment number that you specify. The starting-sequence number and the increment number must be in the range of 1 through 65535.

For example, in the task listed below, the resequence command assigns a sequence number of 50 to the rule named test_02; the second rule then has a sequence number of 55 and the third rule has a sequence number of 60.
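The numbering rule described above, modeled offline as an added Python example (not part of the Dell guide and not switch software): it parses constructed rule lines in the "seq N permit|deny ..." form shown earlier, reports adjacent rules with no free number between them, and computes the numbers that a start of 50 and an increment of 5 would assign. The function names and the rejection of resulting numbers above 65535 are assumptions; the guide only bounds the two arguments.

```python
import re

SEQ_MIN, SEQ_MAX = 1, 65535  # range the guide gives for start and increment

# Rule lines in the form shown in the guide, e.g. "seq 100 permit any any".
# Everything after permit/deny is kept as opaque match text.
RULE_RE = re.compile(r"^\s*seq\s+(\d+)\s+(permit|deny)\s+(.+?)\s*$")


def parse_rules(text):
    """Return [(seq, action, match)] ordered by sequence number."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
    return sorted(rules)


def full_gaps(rules):
    """Adjacent rule pairs with no unused sequence number between them."""
    return [(a[0], b[0]) for a, b in zip(rules, rules[1:]) if b[0] - a[0] == 1]


def resequence(rules, start, increment):
    """First rule gets `start`; each later rule is `increment` higher."""
    for name, value in (("start", start), ("increment", increment)):
        if not SEQ_MIN <= value <= SEQ_MAX:
            raise ValueError(f"{name} must be in {SEQ_MIN}..{SEQ_MAX}")
    last = start + increment * (len(rules) - 1)
    # Assumption: the assigned numbers must also stay inside the valid range.
    if rules and last > SEQ_MAX:
        raise ValueError(f"last rule would get {last}, above {SEQ_MAX}")
    # Rule order is preserved, so the filtering behaviour does not change.
    return [(start + i * increment, action, match)
            for i, (_, action, match) in enumerate(rules)]


# Constructed sample rules for an ACL such as test_02 (not from the guide).
SAMPLE = """\
seq 100 deny 0022.3333.4444 any
seq 101 deny 0022.3333.5555 any
seq 102 permit any any
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("no room to insert between:", full_gaps(rules))
    for seq, action, match in resequence(rules, 50, 5):
        print(f"seq {seq} {action} {match}")
```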

90

Dell Converged Enhanced Ethernet Administrator’s Guide

 

53-1002116-01
