370Configuring and Managing Security ACLs

Adding Another ACE to a Security ACL

The simplest way to modify a security ACL is to add another ACE. For example, suppose you wanted to modify an existing ACL named acl-violet.Follow these steps:

1To display all committed security ACLs, type the following command:

23x0# show security acl info all

ACL information for all

set security acl ip acl-violet (hits #2 0)

----------------------------------------------------

1.permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits

2To add another ACE to the end of acl-violet, type the following command:

23x0# set security acl ip acl-violet permit 192.168.123.11 0.0.0.255 hits

3To commit the updated security ACL acl-violet, type the following command:

23x0# commit security acl acl-violet success: change accepted.

4To display the updated acl-violet, type the following command:

23x0# show security acl info all

ACL information for all

set security acl ip acl-violet (hits #2 0)

----------------------------------------------------

1.permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits

2.permit IP source IP 192.168.123.11 0.0.0.255 destination IP any enable-hits

320657-A

Page 370
Image 370
Nortel Networks 2300 manual Adding Another ACE to a Security ACL, 23x0# show security acl info all