Configuring IP ACLs
Command or Action
Step 7
(Optional) copy running-config startup-config
Example:
switch(config-acl)# copy running-config startup-config
Changing an IP ACL
You can add and remove rules in an existing IPv4 or IPv6 ACL, but you cannot change existing rules. Instead,
to change a rule, you can remove it and recreate it with the desired changes.
If you need to add more rules between existing rules than the current sequence numbering allows, you can
use the resequence command to reassign sequence numbers.
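The remove-and-recreate rule and the resequence fallback described above, as an added Python example that is not part of the Cisco guide: it plans the NX-OS commands for changing a rule or inserting one between existing rules, and goes beyond the text by working out the new sequence number. The function names, the ACL name acl-01, the sample rules and the start/step values of 10 are assumptions, and only IPv4 ACLs are covered.

```python
def plan_replace(acl, seq, new_rule):
    """Change the rule at `seq`: rules cannot be edited, so remove and recreate."""
    return ["configure terminal", f"ip access-list {acl}",
            f"no {seq}", f"{seq} {new_rule}"]


def plan_insert(acl, seqs, after, new_rule, start=10, step=10):
    """Add `new_rule` directly after the rule numbered `after`.

    `seqs` holds the sequence numbers currently in the ACL (as listed by
    `show ip access-lists`). When no number is free before the next rule,
    the plan resequences the ACL first; `start` and `step` are values
    assumed for this example.
    """
    if step < 2:
        raise ValueError("step must leave room between rules")
    seqs = sorted(seqs)
    if after not in seqs:
        raise ValueError(f"no rule with sequence number {after}")
    idx = seqs.index(after)
    nxt = seqs[idx + 1] if idx + 1 < len(seqs) else None
    cmds = ["configure terminal"]
    if nxt is not None and nxt - after < 2:
        # No free number: renumber every rule, then recompute the neighbours.
        cmds.append(f"resequence ip access-list {acl} {start} {step}")
        after = start + idx * step
        nxt = after + step
    new_seq = after + step if nxt is None else (after + nxt) // 2
    return cmds + [f"ip access-list {acl}", f"{new_seq} {new_rule}"]


if __name__ == "__main__":
    # Constructed sample: acl-01 with rules 10, 11 and 12 (no gaps).
    for line in plan_insert("acl-01", [10, 11, 12], 10, "deny udp any any"):
        print(line)
```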
Before you begin
We recommend that you perform ACL configuration using the Session Manager. This feature allows you to
verify ACL configuration and confirm that the resources required by the configuration are available prior to
committing them to the running configuration. This feature is especially useful for ACLs that include more
than about 1000 rules.
SUMMARY STEPS
1. configure terminal
2. Enter one of the following commands:
   • ip access-list name
   • ipv6 access-list name
3. (Optional) [sequence-number] {permit | deny} protocol source destination
4. (Optional) [no] fragments {permit-all | deny-all}
5. (Optional) no {sequence-number | {permit | deny} protocol source destination}
6. (Optional) [no] statistics per-entry
7. (Optional) Enter one of the following commands:
   • show ip access-lists name
   • show ipv6 access-lists name
8. (Optional) copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.
Purpose (copy running-config startup-config): Copies the running configuration to the startup configuration.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x